Share via


Basic Authentication and RTC

Other versions of this page are also available for the following:

Windows Mobile Not SupportedWindows Embedded CE Supported

8/28/2008

Basic authentication is an industry-standard method that gathers user name and password information.

This method provides minimal user identification and, as a part of the HTTP specification, is available on most network browsers.

Basic authentication is a challenge-response authentication method, where the server challenges the client.

The disadvantage of Basic authentication is that the password and user name are sent over the network in clear text. These credentials can be viewed by anyone monitoring the network.

RTC uses Transport Layer Security (TLS) to encrypt the packets that contain basic authentication information. However, if TLS is not available on all connections along the route, the credentials remain visible on those segments.

The RTC Client API does not respond to a Basic authentication challenge from the server if TLS is not specified in the profile for the session.

Note

The Basic authentication method contains a security risk because the credentials can be viewed along the network path. This method is not recommended for use in RTC communications without careful consideration of the risk involved.

See Also

Concepts

RTC Authentication