Unauthorized Access Error 401 |
|
The 4xx class of status code is intended for cases in which the client seems
to have erred. Except when responding to a HEAD request, the server SHOULD
include an entity containing an explanation of the error situation, and
whether it is a temporary or permanent condition. These status codes are
applicable to any request method. User agents SHOULD display any included
entity to the user.
If the client is sending data, a server implementation using TCP SHOULD be
careful to ensure that the client acknowledges receipt of the packet(s)
containing the response, before the server closes the input connection. If the
client continues sending data to the server after the close, the server's TCP
stack will send a reset packet to the client, which may erase the client's
unacknowledged input buffers before they can be read and interpreted by the
HTTP application.
The request requires user authentication. The response MUST include a
WWW-Authenticate header field containing a challenge applicable to the
requested resource. The client MAY repeat the request with a suitable
Authorization header field. If the request already included Authorization
credentials, then the 401 response indicates that authorization has been
refused for those credentials. If the 401 response contains the same challenge
as the prior response, and the user agent has already attempted authentication
at least once, then the user SHOULD be presented the entity that was given in
the response, since that entity might include relevant diagnostic information.
|