Next: , Previous: , Up: Usage Examples   [Contents][Index]

4.7 Basic Authentication

The following example demonstrates BASIC HTTP authentication. The handler prompts an unauthenticated client for authentication by sending a “WWW-Authenticate” header.

(ws-response-header process 401
  '("WWW-Authenticate" . "Basic realm=\"example\"")
  '("Content-type" . "text/plain"))

The client replies by setting the “Authorization” HTTP header which is parsed into a list of the form (PROTOCOL USERNAME . PASSWORD). Currently only BASIC HTTP authentication is supported.

Note: BASIC HTTP authentication passes user credentials in plain text between the client and the server and should generally only be used with HTTPS network encryption. While the Emacs web server currently doesn’t support HTTPS network encryption it may be run behind an HTTPS proxy server (e.g., Apache or Nginx) with HTTPS support.

;;; basic-authentication.el --- basic authentication
(lexical-let ((users '(("foo" . "bar")
                       ("baz" . "qux"))))
    (lambda (request)
      (with-slots (process headers) request
        (let ((user (caddr (assoc :AUTHORIZATION headers))))
          (ws-response-header process 200 '("Content-type" . "text/plain"))
          (process-send-string process (format "welcome %s" user)))))