Authentication-Type
When sending an HTTP request to a server, the Authentication-Type specifies how the request asks the server to validate a given username and password.
Basic Authentication: This is the most common Authentication-Type. The username and password are sent as unencrypted, base64-encoded text.
Auto Negotiate: This authentication automatically selects between the Kerberos protocol and NTLM authentication, depending on availability. Kerberos is used if it is available, otherwise NTLM is used.
NTLM: This method uses a secure challenge/response mechanism that does not allow password capture or replay attacks if you use HTTP. It only works with HTTP/1.1 persistent connections and may not work with some HTTP proxies. This method should not be used if the connections are regularly closed by your web server.
Digest Authentication: The credentials are passed to the server in hashed form. Although the credentials cannot be captured over HTTP, the request can be replayed using the hashed credentials.
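What Basic and Digest each place in the Authorization header, as an added example that is not part of the original page. The credentials, nonce and URI are the published sample values from RFC 7617 (Basic) and RFC 2617 (Digest); the function names are illustrative.

```python
import base64
import hashlib


def basic_header(username, password):
    """Authorization header value for Basic: base64("user:password")."""
    token = base64.b64encode(f"{username}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")


def decode_basic(header_value):
    """Recover the credentials from a Basic header; no key is involved."""
    scheme, _, token = header_value.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic Authorization header")
    user, _, password = base64.b64decode(token).decode("utf-8").partition(":")
    return user, password


def _md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def digest_response(username, realm, password, method, uri,
                    nonce, nc, cnonce, qop="auth"):
    """Digest 'response' field (MD5, qop=auth): a hash, never the password."""
    ha1 = _md5_hex(f"{username}:{realm}:{password}")
    ha2 = _md5_hex(f"{method}:{uri}")
    return _md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


# Sample values published in RFC 7617 (Basic) and RFC 2617 (Digest).
BASIC = basic_header("Aladdin", "open sesame")
DIGEST = digest_response("Mufasa", "testrealm@host.com", "Circle Of Life",
                         "GET", "/dir/index.html",
                         "dcd98b7102dd2f0e8b11d0f600bfb0c093",
                         "00000001", "0a4f113b")

if __name__ == "__main__":
    print(BASIC)                # base64 only: reversible by anyone who sees it
    print(decode_basic(BASIC))  # original username and password
    print(DIGEST)               # bound to the server nonce, method and URI
```

Because the Basic value decodes straight back to the password, Basic Authentication should only be sent over HTTPS.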
Updated on: 10/06/2022