...

Note that when using this with a browser, you will not be able to log off effectively: the browser keeps sending the HTTP request header without prompting the user, so you need to close the browser. This is one of the main reasons to avoid basic authentication if possible, but it can be useful when the clients are applications rather than normal browsers.

When Does PortalProtect Authenticate the User

If basicAuthenticationEnabled=true, the request from the client contains an Authorization: Basic HTTP header, and the current session does not contain an authenticated user, then PortalProtect will use the userid/password to attempt to authenticate the user before processing the request. Once the session contains an authenticated user, no matter how the user authenticated (basic auth or otherwise), the PP dispatcher will simply ignore the Authorization header.

How Are Authentication Errors Handled

By default, PortalProtect will redirect to the URL defined in urlAccessFailedRedirect, but that behaviour can be changed using authentication error rules.

...

Take care that the error URLs you redirect to are on an alternateserver definition where basic authentication is disabled. If they are not, and the client still sends the Authorization: Basic HTTP header, the PP dispatcher will attempt to authenticate the new request, which will fail again and cause a redirect loop.

How PortalProtect Decides When to Require Authentication

By default, PortalProtect will not prompt the browser/client for basic authentication as long as the servers the client sends requests to are not protected, i.e. they allow anonymous access. If the current request is not allowed and basicAuthenticationEnabled=true, the PP Dispatcher will either redirect the user to an error URL where he can authenticate using other means, or send an HTTP 401 response with the “WWW-Authenticate: Basic” HTTP response header, which asks the client to provide basic auth credentials.
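The sections above can be checked against a small Python model of the dispatcher decisions, which also reproduces the redirect loop when the error URL sits on a server with basic authentication enabled. This is an added illustration, not PortalProtect code: `Server`, `dispatch`, `follow` and the `USERS` store are hypothetical names with constructed data, and answering a denied request with 401 rather than a redirect is a modelling assumption.

```python
import base64
import hmac
from dataclasses import dataclass

USERS = {"alice": "s3cret"}  # constructed sample credential store


@dataclass
class Server:
    basic_auth_enabled: bool  # models basicAuthenticationEnabled
    anonymous_allowed: bool   # True for an unprotected server


def basic_header(user, password):
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()


def check_basic(header):
    """Return the user id if the Basic credentials are valid, else None."""
    try:
        raw = base64.b64decode(header[len("Basic "):], validate=True).decode()
    except ValueError:  # bad base64 or bad UTF-8
        return None
    user, _, password = raw.partition(":")
    ok = user in USERS and hmac.compare_digest(USERS[user].encode(), password.encode())
    return user if ok else None


def dispatch(server, session, header):
    """One request through the modelled dispatcher: 'process', '401' or 'redirect'."""
    has_basic = bool(header) and header.startswith("Basic ")
    if server.basic_auth_enabled and has_basic and "user" not in session:
        user = check_basic(header)
        if user is None:
            return "redirect"  # default handling: go to urlAccessFailedRedirect
        session["user"] = user
    if "user" in session or server.anonymous_allowed:
        return "process"  # an authenticated session ignores the header
    # Modelling choice: 401 challenge when basic auth is on, redirect otherwise.
    return "401" if server.basic_auth_enabled else "redirect"


def follow(first, error_server, header, max_hops=5):
    """Client that resends the same header on every request, as a browser does."""
    session, server, trace = {}, first, []
    for _ in range(max_hops):
        trace.append(dispatch(server, session, header))
        if trace[-1] != "redirect":
            break
        server = error_server  # follow the redirect to the error URL
    return trace
```

With wrong credentials, `follow(Server(True, False), Server(True, True), basic_header("alice", "wrong"))` redirects on every hop until `max_hops` is reached, while using `Server(False, True)` as the error server ends after a single redirect.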

...