Configure Basic authentication for a custom domain name - Function Compute

In Function Compute, you can configure Basic authentication for a custom domain name to control access permissions at the domain level. This allows authorized users to securely access the function service through the custom domain name.

Background information

When you enable Basic authentication for a custom domain name, the client must include the configured username and password, encoded in Base64, in the request. Access to the function service is granted only after the credentials are successfully validated. This feature is useful in the following scenarios:

You need to access a function service through a custom domain name, such as example.com.
You need to manage access permissions at the domain level instead of for individual triggers.
You need to protect authentication information over an encrypted HTTPS channel.

Prerequisites

You have created a function and attached a custom domain name to the function.

Limits

Category	Rule
User count	A maximum of 20 users can be configured for each custom domain name.
Username conventions	12 to 128 characters. The username must start with a letter and can contain hyphens (`-`), underscores (`_`), and periods (`.`).
Password strength	12 to 128 characters. The password must include uppercase letters, lowercase letters, digits, and at least one of the following special characters: `! @ # $ % ^ & * ( )`.
Security requirements	- Do not reuse passwords. - Do not use simple combinations. - Rotate passwords regularly.
Protocol requirements	You must enable HTTPS in a production environment. HTTP is for testing only. You are responsible for any credential leaks that occur over HTTP.

Procedure

Step 1: Configure Basic authentication for the custom domain name

Log on to the Function Compute console. In the left-side navigation pane, choose Advanced Features > Custom Domains.
In the top menu bar, select a region. On the Domain Names page, find the desired custom domain name and click Edit in the Actions column.
On the settings page for the custom domain name, expand Authentication Settings, configure the following options, and click Save.
- For Authentication Method, select Basic Authentication.
- User List: Click Add User and enter a Username and Password. For more information about the username and password requirements, see Limits.
Wait for 1 minute for the configuration to take effect.

Step 2: Verify Basic authentication

Generate a Base64 credential. Use the command line to generate the Base64 encoding of the username and password. Replace the placeholder values with your actual values.
```
# Linux/macOS (make sure to use the -n parameter)
echo -n "username:password" | base64
# Example output:
dXNlcm5hbWU6cGFzc3dvcmQ=
```
Make an authentication request. Use the curl command to test access. Make sure to use the HTTPS protocol.
The following is an example command:
```
curl -X GET "yourCustomdomain" -H "Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ="
```
Parameters:
- Replace yourCustomdomain in the example with your actual custom domain name.
- The value of the `Authorization` request header must start with `Basic`, followed by a space.

FAQ

Why do I receive the "authorization required" message after I enable Basic authentication?
This message indicates that the request to access the function through the custom domain name does not include a valid `Authorization` header. Verify that the request includes the `Authorization` header and that the user information in its value is correct.
Why do I receive the "basic authorization xxx is not a Base64-encoded string" message after I enable Basic authentication?
This message indicates that the value of the `Authorization` header in the request is not a valid Base64-encoded string.
Why do I receive the "Authorization header must start with Basic" message after I enable Basic authentication?
According to RFC 7617, when a client makes a request that uses Basic authentication, the request must include an `Authorization` header. The value of this header must start with `Basic`, followed by a space.
Are there extra charges if I enable Basic authentication?
No, there are not. Function Compute bills for gateway-related features based on the number of function invocations. Therefore, enabling Basic authentication does not incur extra charges.