HTTP 401 Unauthorized
Overview
The HTTP 401 Unauthorized status code indicates that the request has not been applied because it lacks valid authentication credentials for the target resource.
Purpose
The HTTP 401 response signifies that the client request has failed authentication. It is typically accompanied by a WWW-Authenticate header that tells the client how to authenticate correctly.
Usage
Client Behavior:
- Send Request: The client sends an HTTP request to a protected resource without authentication or with invalid credentials.
- Receive Response: The client receives the HTTP 401 status code, indicating that authentication is required or has failed.
Server Behavior:
- Authenticate Request: The server attempts to authenticate the client’s request.
- Send Response: If authentication fails, the server sends a 401 Unauthorized response, often with a WWW-Authenticate header specifying how to authenticate.
Scenarios
- Protected Resources: Accessing resources that require user authentication, such as private API endpoints or restricted web pages.
- Authentication Failure: When the client provides incorrect or no authentication credentials.
Sequence Diagram
Illustrating the process for an HTTP 401 response:
sequenceDiagram
    participant Client
    participant Server as Web Server
    Note over Client: Client attempts to access a protected resource
    Client->>Server: GET /protected-resource HTTP/1.1
    Note over Server: Server requires authentication
    Server->>Client: HTTP/1.1 401 Unauthorized
    Server->>Client: WWW-Authenticate: Basic realm="Access to protected resource"
Curl Request and Response Example
Sending a request using Curl to a protected resource that requires authentication:
curl -i http://example.com/protected-resource
# Expected response: HTTP/1.1 401 Unauthorized
# WWW-Authenticate: Basic realm="Access to protected resource"
PHP cURL Request and Response Example
PHP script using cURL to handle a response from a protected resource requiring authentication:
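<?php
// Request the protected resource without sending any credentials.
$ch = curl_init('http://example.com/protected-resource');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); // return the body instead of printing it
$response = curl_exec($ch);
// A 401 status means the server rejected the request for lack of valid credentials.
if (curl_getinfo($ch, CURLINFO_HTTP_CODE) == 401) {
    echo "Unauthorized access. Authentication required.";
}
curl_close($ch);
?>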
Python Request and Response Example
Python script to send a GET request to a protected resource resulting in a 401 Unauthorized response:
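import requests

# Request the protected resource without credentials; the timeout keeps the call from hanging.
response = requests.get('http://example.com/protected-resource', timeout=10)
if response.status_code == 401:
    print("Unauthorized access. Authentication required.")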
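The server side of the exchange in the sequence diagram, as an added example that is not part of the original page: it decides between 200 and a 401 with a `WWW-Authenticate` challenge based on the `Authorization` header. The `USERS` table, its credentials and all function names are constructed for illustration; a real server would verify against a password hash file such as `.htpasswd`.

```python
import base64
import binascii
import hmac

REALM = "Access to protected resource"  # realm string used on this page
# Constructed demo credentials (assumption); real servers store password hashes.
USERS = {"alice": "correct horse"}


def challenge():
    """Build the 401 response that tells the client how to authenticate."""
    return 401, {"WWW-Authenticate": f'Basic realm="{REALM}"'}


def parse_basic(header):
    """Return (user, password) from an Authorization header, or None if malformed."""
    if not header:
        return None
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    # Only the first colon separates user from password; passwords may contain colons.
    user, sep, password = decoded.partition(":")
    return (user, password) if sep else None


def authenticate(header):
    """Return (status, headers) for a request carrying this Authorization header."""
    creds = parse_basic(header)
    if creds is None:
        return challenge()  # missing or malformed credentials
    user, password = creds
    expected = USERS.get(user, "")
    # compare_digest avoids leaking how many leading characters matched.
    ok = hmac.compare_digest(password.encode(), expected.encode()) and user in USERS
    return (200, {}) if ok else challenge()


def basic_header(user, password):
    """Client side: encode credentials the way a Basic-auth client sends them."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()
```

Missing, malformed and wrong credentials all produce the same 401 challenge, so the response does not reveal which part of the check failed.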
Apache Configuration for HTTP 401 Unauthorized
Configuring Apache to secure a resource with basic authentication:
# Basic credentials are only base64-encoded on the wire; serve this over HTTPS in production.
<VirtualHost *:80>
    ServerName example.com
    <Location "/protected-resource">
        AuthType Basic
        AuthName "Access to protected resource"
        AuthUserFile /path/to/.htpasswd
        Require valid-user
    </Location>
</VirtualHost>
NGINX Configuration for HTTP 401 Unauthorized
Setting up NGINX to protect a resource with authentication:
server {
    listen 80;
    server_name example.com;
    location /protected-resource {
        auth_basic "Access to protected resource";
        auth_basic_user_file /path/to/.htpasswd;
    }
}