Basic Authentication in ASP.NET Web API
Basic authentication is defined in RFC 2617, HTTP Authentication: Basic and Digest Access Authentication.
Disadvantages
- User credentials are sent in the request.
- Credentials are sent as plaintext.
- Credentials are sent with every request.
- No way to log out, except by ending the browser session.
- Vulnerable to cross-site request forgery (CSRF); requires anti-CSRF measures.
Advantages
- Internet standard.
- Supported by all major browsers.
- Relatively simple protocol.