The Allow authentication through HTTP authorization header check box on the LDAP Authentication options screen allows Basic (401) authentication as either an alternative or a substitute for the iChain login form/page.
This feature allows iChain to process a request, log in the user (if necessary), and return the response without having a programmer deal with login redirects or parsing login pages and forms. The iChain cookie is returned in the response for possible use in subsequent requests. If authorization headers are optional, a user who is not authenticated is redirected to the standard iChain login page. If the headers are mandatory, a 401 status is returned. The browser then requests the user’s credentials, and the request is resubmitted along with the user’s credentials. In this mode, the CDA features are disabled.
NOTE: We do not recommend Basic Authentication for use with users/browsers because of security issues relating to lack of control of the credentials on the wire. The primary use is anticipated to be programming-related, where the credentials can be passed in an authorization header along with a request. That way, a programmer retains control over the exposure of the credentials.
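The following Python sketch illustrates the programmatic use described above. It is an added example, not code from the iChain product or its documentation. It sends the credentials only to an https:// URL, does not follow redirects, and sorts the response into the three cases described: a normal response carrying a cookie, a 401 when headers are mandatory, and a redirect to the login page when they are optional. The function names and any URL passed in are assumptions.

```python
import base64
import urllib.error
import urllib.request
from urllib.parse import urlsplit


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Do not follow redirects, so the Authorization header is never replayed elsewhere."""
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def build_request(url, user, password):
    """Attach Basic credentials, but only for an https:// URL."""
    if urlsplit(url).scheme != "https":
        raise ValueError("refusing to send Basic credentials over a non-TLS URL")
    token = base64.b64encode(f"{user}:{password}".encode("utf-8")).decode("ascii")
    req = urllib.request.Request(url)
    req.add_header("Authorization", "Basic " + token)
    return req


def classify(status, headers):
    """Map a response (status, list of (name, value) headers) onto the cases in the text."""
    def get(name):
        return [v for k, v in headers if k.lower() == name]
    if status == 401:  # headers mandatory: credentials missing or rejected
        return {"outcome": "401", "challenge": (get("www-authenticate") or [None])[0]}
    if status in (301, 302, 303, 307):  # headers optional: sent to the login page
        return {"outcome": "login-redirect", "location": (get("location") or [None])[0]}
    # Authenticated: keep only name=value of each cookie for reuse in later requests.
    return {"outcome": "ok", "cookies": [v.split(";", 1)[0] for v in get("set-cookie")]}


def fetch(url, user, password):
    """Perform the request and classify the result (needs a reachable server)."""
    opener = urllib.request.build_opener(_NoRedirect)
    try:
        with opener.open(build_request(url, user, password), timeout=10) as resp:
            return classify(resp.status, resp.headers.items())
    except urllib.error.HTTPError as err:  # 401 and unfollowed redirects arrive here
        return classify(err.code, err.headers.items())
```

Reusing the returned cookie on subsequent requests means the credentials themselves cross the wire only once per session.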