HTTP Basic Authentication

Authentication is such a common task that an authentication facility, called Basic Authentication, is built into HTTP.

This is the method used for the Intranet at IT-C.

It may be triggered by a server-script (e.g. PHP) or directly by the Web server (e.g. Apache or IIS).

Here is the general picture:

  1. The client requests the page index.php from the web-server
  2. A request for authentication is sent back to the browser by returning an HTML file with headers of the form
    HTTP/1.0 401 Authorization Required
    WWW-Authenticate: Basic realm="IT University Intranet"
  3. The page may look like
    HTTP/1.0 401 Authorization Required
    WWW-Authenticate: Basic realm="IT University Intranet"

    <body>
    <h1>Invalid login/password</h1>
    You must provide a valid login and password to enter this site.
    <p>
    <hr>
    <address>Apache/1.3.20 Server at www.it-c.dk Port 80</address>
    </body>

  4. The WWW-Authenticate header triggers the browser to open a dialogue box, prompting the user for user name and password
  5. If the user presses Cancel or, e.g., fails too many times, the rest of the authentication page is shown
  6. If the user presses OK, the user name and password are sent (by default in plain text) to the web-server, where they are validated
  7. If the user has provided the correct password, the requested page is sent back; otherwise the authentication request is resent
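
The exchange in steps 2 to 7, as an added Python sketch that is not part of the original notes or of any server's own code. The account "alice", her password and the function names are constructed for illustration. It shows that the credentials sent in step 6 are only Base64-encoded, so anyone who sees the request can decode them unless the connection is protected by TLS.

```python
import base64
import hashlib
import hmac

REALM = "IT University Intranet"  # realm string shown on the page
# Constructed demo account. A real server stores a salted, slow password hash.
USERS = {"alice": hashlib.sha256(b"s3cret").hexdigest()}


def client_header(user, password):
    """Step 6: what the browser sends. Base64 is an encoding, not encryption."""
    raw = "{}:{}".format(user, password).encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def parse_basic(header):
    """Return (user, password) from an Authorization header, or None."""
    scheme, _, token = (header or "").partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except ValueError:  # bad Base64 or bad UTF-8
        return None
    user, sep, password = decoded.partition(":")  # password may contain ':'
    return (user, password) if sep else None


def check(user, password):
    """Constant-time digest comparison; unknown users get a dummy digest."""
    expected = USERS.get(user, "0" * 64)
    given = hashlib.sha256(password.encode("utf-8")).hexdigest()
    return hmac.compare_digest(expected, given) and user in USERS


def handle(headers):
    """Steps 2-7: return (status, response_headers, body) for one request."""
    creds = parse_basic(headers.get("Authorization"))
    if creds and check(*creds):
        return 200, {}, "requested page"
    challenge = {"WWW-Authenticate": 'Basic realm="{}"'.format(REALM)}
    return 401, challenge, "Invalid login/password"


if __name__ == "__main__":
    print(handle({}))                                   # challenge
    hdr = client_header("alice", "s3cret")
    print(hdr, "->", parse_basic(hdr))                  # trivially decoded
    print(handle({"Authorization": hdr})[0])            # 200
```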