How do I preemptively include a Basic Authentication header when working with webread/webwrite/websave?
Show older comments
I have a web server which allows Basic authentication for non-interactive workflows and which supports a form based login plus cookies for interactive workflows. This means that:
1. If I make a request with a valid Basic Authentication header, the request simply succeeds, and
2. If I make a request without any Authentication header, the server redirects to the login form, i.e. it does not respond with 401 and a WWW-Authenticate header specifying which authorization methods it supports.
In MATLAB releases prior to R2019b, I could successfully work with this server using "webread" and passing along "weboptions" in which I specified 'Username' and 'Password', I got the response which I was expecting. In MATLAB R2019b making the same request returns the login page however instead of the data which I was expecting.
Accepted Answer
MathWorks Support Team
on 20 Apr 2026 at 0:00
Edited: MathWorks Support Team
2 minutes ago
R2026a and later
Starting in MATLAB R2026a, to use Basic Authentication, create a "weboptions" object with the "BasicAuthenticationMethod" name-value argument set to "preemptive". For more information, see weboptions.
R2019b to R2025b
From R2019b through R2025b, MATLAB follows the challenge and response workflows from RFC-7235 more closely; which basically means it first makes a request without credentials expecting the server to return an "401 - Unauthorized" response in combination with a ‘WWW-Authenticate' header specifying which authentication methods it supports. MATLAB then makes a second request with that particular authentication method. This is a more secure approach but this breaks workflows working with servers like the one described above.
If you still want "webread"/"webwrite"/"websave" to preemptively include a Basic Authentication header in the first request, do not specify 'Username' and 'Password' property/value pairs in "weboptions", instead use "HeaderFields" to specify your own Authentication header. A Basic Authentication header is very simple to form: it is simply the text 'Basic ', followed by [username] colon [password] in base64 encoded format. So in MATLAB you could for example write:
% Example username and password
% For MATLAB R2025a and later, use secretID. See weboptions
options = weboptions(username=secretID("MathWorks.Username"), ...
password=secretID("MathWorks.Password"))
% For MATLAB R2019b to R2024b
username = "myUser";
password = "myPassword";
% Manually set Authorization header field in weboptions
options = weboptions("HeaderFields",{"Authorization",...
["Basic " matlab.net.base64encode([username ":" password])]});
% Make a request using these options
webread("https://httpbin.org/hidden-basic-auth/myUser/myPassword", options)
Note httpbin.org is a service for testing HTTP requests, the 'hidden-basic-auth' endpoint behaves in a way similar to described above (the request succeeds if you preemptively include a Basic Authorization header but immediately returns "404 - Not Found" if no (valid) authentication header was present). The myUser and myPassword specified in the request URL here is part of this particular testing endpoint, when calling your actual server you would normally not include your username and password in the request URL in this way, also do not call httpbin.org with you real username and password.
R2019b and earlier
In MATLAB releases prior to MATLAB R2019b, when you specify a 'Username' and 'Password' MATLAB will preemptively pass these in a Basic Authentication header in the first request which "webread" makes.
Set authentication method in HTTP interface
The workflow for the HTTP interface has not changed. In this interface, if you explicitly specify 'Username', 'Password' and exactly one authentication method using a Credentials object, the Authorization header was always- and still is- preemptively included in the first request. So you can still write:
% HTTP Interface workflowimport matlab.net.http.* % Create a credentials object. If you specify exactly one Scheme, we % immediately automatically add the Authorization header for this Scheme, % if you do not specify a Scheme we first make a request without any % Authorization header expecting a server challenge. % For MATLAB R2025a and later, use secretID. See weboptions setSecret("MathWorks.Username") setSecret("MathWorks.Password") creds = Credentials(Username=secretID("MathWorks.Username"), ... Password=secretID("MathWorks.Password"), ... Scheme=AuthenticationScheme.Basic); % For MATLAB R2024b and earliercreds = Credentials('Username','myUser','Password','myPassword',... 'Scheme', AuthenticationScheme.Basic);% Add these credentials to the options options = HTTPOptions(Credentials=creds); % Create a request req = RequestMessage('GET'); % Execute this request on some URL with these options response = req.send("https://httpbin.org/hidden-basic-auth/Username/ Password",options);
.
More Answers (0)
Categories
Find more on Startup and Shutdown in Help Center and File Exchange
Products
on 12 Sep 2019
on 21 Apr 2026 at 18:52
Community Treasure Hunt
Find the treasures in MATLAB Central and discover how the community can help you!
Start Hunting!
