Error Server 401
Contents |
360 games PC games server error 404 Windows games Windows phone games Entertainment All Entertainment server error 401 unauthorized Movies & TV Music Business & Education Business Students & educators
Server Error In Application
Developers Sale Sale Find a store Gift cards Products Software & services Windows Office Free downloads & security Internet
400 Server Error
Explorer Microsoft Edge Skype OneNote OneDrive Microsoft Health MSN Bing Microsoft Groove Microsoft Movies & TV Devices & Xbox All Microsoft devices Microsoft Surface All Windows PCs & tablets PC accessories Xbox & games Microsoft Lumia All server error 403 Windows phones Microsoft HoloLens For business Cloud Platform Microsoft Azure Microsoft Dynamics Windows for business Office for business Skype for business Surface for business Enterprise solutions Small business solutions Find a solutions provider Volume Licensing For developers & IT pros Develop Windows apps Microsoft Azure MSDN TechNet Visual Studio For students & educators Office for students OneNote in classroom Shop PCs & tablets perfect for students Microsoft in Education Support Sign in Cart Cart Javascript is disabled Please enable javascript and refresh the page Cookies are disabled Please enable cookies and refresh the page CV: {{ getCv() }} English (United States) Terms of use Privacy & cookies Trademarks © 2016 Microsoft
WWW-Authenticate header server error 401 invalid credentials field1 containing at least one challenge applicable to the server 401 response target resource. If the request included authentication credentials, then the 401 response indicates that https://support.microsoft.com/en-us/kb/902160 authorization has been refused for those credentials. The user agent MAY repeat the request with a new or replaced Authorization header field2. If the 401 response contains the same https://httpstatuses.com/401 challenge as the prior response, and the user agent has already attempted authentication at least once, then the user agent SHOULD present the enclosed representation to the user, since it usually contains relevant diagnostic information. 1 WWW-Authenticate RFC7235 Section 4.1 2 Authorization RFC7235 Section 4.2 Source: RFC7235 Section 3.1 401 Code References Rails HTTP Status Symbol :unauthorized Go HTTP Status Constant http.StatusUnauthorized Symfony HTTP Status Constant Response::HTTP_UNAUTHORIZED Python2 HTTP Status Constant httplib.UNAUTHORIZED Python3+ HTTP Status Constant http.client.UNAUTHORIZED Python3.5+ HTTP Status Constant http.HTTPStatus.UNAUTHORIZED← Return to httpstatuses.com
here for a quick overview of the site Help Center Detailed answers to any questions you might have Meta Discuss the workings and policies of this site About Us Learn more about Stack Overflow the company Business Learn http://stackoverflow.com/questions/3297048/403-forbidden-vs-401-unauthorized-http-responses more about hiring developers or posting ads with us Stack Overflow Questions Jobs Documentation Tags Users Badges Ask Question x Dismiss Join the Stack Overflow Community Stack Overflow is a community of 4.7 million programmers, just like you, helping each other. Join them; it only takes a minute: Sign up 403 Forbidden vs 401 Unauthorized HTTP responses up vote 1099 down vote favorite 284 For a web page that exists, but for which a user server error that does not have sufficient privileges, (they are not logged in or do not belong to the proper user group), what is the proper HTTP response to serve? 401? 403? Something else? What I've read on each so far isn't very clear on the difference between the two. What use cases are appropriate for each response? http-headers http-status-code-403 http-status-codes http-status-code-401 http-response-codes share|improve this question edited Nov 17 '15 at 13:24 MK-rou 107 asked Jul 21 '10 server error 401 at 7:21 VirtuosiMedia 15.6k1678124 7 401 'Unauthorized' should be 401 'Unauthenticated', problem solved ! –Christophe Roussy May 17 at 12:33 3 Wow. The answers below are ridiculously all over the map. It seems that the correct answer is undefined for non-HTTP authentication. –Joe Lapp Jun 7 at 19:30 add a comment| 11 Answers 11 active oldest votes up vote 1670 down vote accepted A clear explanation from Daniel Irvine: There's a problem with 401 Unauthorized, the HTTP status code for authentication errors. And that’s just it: it’s for authentication, not authorization. Receiving a 401 response is the server telling you, “you aren’t authenticated–either not authenticated at all or authenticated incorrectly–but please reauthenticate and try again.” To help you out, it will always include a WWW-Authenticate header that describes how to authenticate. This is a response generally returned by your web server, not your web application. It’s also something very temporary; the server is asking you to try again. So, for authorization I use the 403 Forbidden response. It’s permanent, it’s tied to my application logic, and it’s a more concrete response than a 401. Receiving a 403 response is the server telling you, “I’m sorry. I know who you are–I believe who you say you are–but you just don’t have permission to access this resource. Maybe if you ask the system administrator nicely,