Cookbooks
C
Chapter 11. HTML and the Web
Sending an HTTP request with basic authentication

C:
Sending an HTTP request with basic authentication

How to:

To send an HTTP request with basic authentication in C, we’ll need to use the libcurl library, a popular, versatile, and easy-to-use client-side URL transfer library. It handles various protocols, including HTTP and HTTPS, making our task simpler. Ensure libcurl is installed in your system before proceeding. Here’s a basic example that demonstrates how to send a GET request with basic auth:

#include <stdio.h>
#include <curl/curl.h>

int main(void) {
    CURL *curl;
    CURLcode res;

    curl_global_init(CURL_GLOBAL_DEFAULT);

    curl = curl_easy_init();
    if(curl) {
        // The URL to which the request is being sent
        curl_easy_setopt(curl, CURLOPT_URL, "http://example.com/resource");
        // Enabling the use of basic authentication
        curl_easy_setopt(curl, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
        // Providing the username and password for the basic authentication
        curl_easy_setopt(curl, CURLOPT_USERPWD, "username:password");

        // Performing the GET request
        res = curl_easy_perform(curl);

        // Checking for errors
        if(res != CURLE_OK)
            fprintf(stderr, "curl_easy_perform() failed: %s\n",
                    curl_easy_strerror(res));

        // Always cleanup
        curl_easy_cleanup(curl);
    }
    
    curl_global_cleanup();

    return 0;
}

In the example above, replace "http://example.com/resource", "username", and "password" with your actual URL, username, and password.

This code initializes a CURL object, sets the URL, enables HTTP Basic Authentication, and specifies the credentials. It then sends the request and cleans up after itself. If successful, the requested resource is fetched; if there’s an error, it’s printed to stderr.

Sample output (assuming successful authentication and resource access) might not be directly shown by the program, as the example primarily demonstrates sending the request. To print the response, you’d extend the program to handle the HTTP response data.

Deep Dive:

Sending HTTP requests with basic authentication in C, as shown, leverages the libcurl library for its robustness and simplicity. Historically, crafting HTTP requests purely in C without such libraries was cumbersome and error-prone, involving lower-level socket programming and manual construction of HTTP headers.

Basic authentication itself is a method from the early days of the web. It sends credentials in an easily decodable format (Base64), which is inherently insecure over plaintext channels. Modern applications often prefer more secure authentication methods, such as OAuth 2.0 or JWT (JSON Web Tokens), especially for sensitive data.

However, for internal, less critical systems, or quick-and-dirty scripts where convenience outweighs the security concerns, basic auth remains in use. Furthermore, when combined with encrypted connections (HTTPS), its simplicity becomes an advantage for rapid development, testing, or automationwork where higher-tier security mechanisms aren’t as necessary.

In contexts where cutting-edge security is non-negotiable, alternatives like token-based authentication should be prioritized. Nonetheless, understanding how to implement basic auth in C through libcurl provides a foundational skill that can be adapted to various authentication methods and protocols, reflecting the nuanced trade-offs between security, convenience, and application requirements in web development.

Sending an HTTP request