Server Authentication

When a server receives a request that requires authentication, the server returns a 401 status code message. In that message, the server should include one or more WWW-Authenticate response headers. These headers include the authentication methods the server has available. The Windows Internet Services (WinInet) functions pick the first method they recognize.

Basic authentication provides weak security unless the channel is first link-encrypted with SSL or Transport Layer Security (TLS) 1.0.

The InternetErrorDlg function can be used to obtain the user name and password data from the user, or a custom control can be designed to obtain the data.

A custom control can use the InternetSetOption function to set the INTERNET_OPTION_PASSWORD and INTERNET_OPTION_USERNAME values and then resend the request to the server.

See Also

HTTP Authentication | FTP Sessions

Last updated on Wednesday, April 13, 2005

© 2005 Microsoft Corporation. All rights reserved.