The resource requires user authentication. The response must include a WWW-Authenticate header field containing a challenge applicable to the requested resource. If the request already included Authorization credentials, then the 401 response indicates that authorization has been refused for those credentials. If the 401 response contains the same challenge as the prior response, and the user agent has already attempted authentication at least once, then the user should be presented the entity that was given in the response, since that entity might include relevant diagnostic information.
Access to the page requires authentication and either the user has not been presented with log in window or authentication failed with a bad username and/or password or the credentials have expired. This type of authentication is commonly referred to as WWW-Authentication or Basic HTTP Authentication and its handled by the web server application over HTTP.
HTTP/0.9 and later