User:El komodos drago/sandbox/HTTP Authentication

HTTP Authentication is where a HTTP server (typically a website) collects and subsequently authenticates credential information from a user agent (typically a web browser) to prevent access by users without the correct credentials. The typical process is that when a client attempts to access a individualised or restricted part of a page they are sent a HTTP 401 (unauthorised) response which contains a WWW-Authenticate header outlining the type of authenticating to be provided. The client then repeats the request this time with an Authorization header containing the type of authentication being used. Many authentication methods do not use this typical approach, however, either using a web form or a custom header. These include HTTP+HTML form-based authentication and many implementations of API keys.

HTTP+HTML form based authentication
This is the most common way of initially authenticating a user. Instead of allowing the browser to generate a pop up asking for credentials, the website presents a webform asking for them. However as the form has to be filled in every time, it is used in tandem with another form of authentication.