KB Article #180341
Does the HTTP Basic filter support multiple authentication tokens in the Authorization header?
Problem
Does the HTTP Basic filter support having multiple, comma-separated authentication tokens in the Authorization filter?
Resolution
Yes. For example, when a header like this is presented to the HTTP Basic filter:
Authorization: Basic dGVzdDp0ZXN0, Bearer bearer_token
Then the HTTP Basic filter will authenticate the base64 test:test credentials in the HTTP basic authentication and ignore the bearer token value. The bearer token could then be validated by some other means after the Basic authentication succeeds.