Solved

login dialog

Posted on 1999-01-26
16
177 Views
Last Modified: 2010-04-09
How do you have a login dialog pop every time a user comes to a page for the first time in a session.  I basically want  the expert-exchange login.
0
Comment
Question by:danGynn
  • 8
  • 7
16 Comments
 
LVL 6

Expert Comment

by:PBall
ID: 1845694
Server side authentication.  Different server, different way to do it.

See paqs in this category or authoring category, plenty answered there.
0
 
LVL 4

Expert Comment

by:martinag
ID: 1845695
What's the server software? Apache?
Here's what to do:
1. Create the directory you want to protect and a directory where the passwords should be kept (shouldn't be accessible from the net).

2. Modify .htaccess in that directory, so it looks similar to:

    AuthUserFile /var/www-passwords/.htpasswd
    AuthName "Restricted area"
    AuthType Basic
    require valid-user

3. Create the password file .htpasswd using the program htpasswd for each user (-c is for creating the file. Only needed the first time)

    htpasswd -c /var/www-passwords/.htpasswd user1
    htpasswd /var/www-passwords/.htpasswd user2
    htpasswd /var/www-passwords/.htpasswd user3
    and so on...

4. Try to access a file in the protected directory

Martin
0
 

Author Comment

by:danGynn
ID: 1845696
martinag:

Yes, I am using Apache.  I followed your steps, but when I tried to access a simple page that I copied over to that directory I got the following error message:

Internal Server Error

The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator, root@localhost and inform them of the time the error occurred, and anything you might have
done that may have caused the error.

Premature end of script headers: /home/httpd/cgi-bin/pwdhtml/about.html


Any ideas?
0
 
LVL 4

Expert Comment

by:martinag
ID: 1845697
Look into /var/log/apache/error.log
What error messages do you find (the new ones are at the bottom)?

Also, you've got about.html in cgi-bin. Maybe that's what causing the error? Apache is expecting a CGI. I just tried putting a HTML file in the cgi-bin and it didn't work (Internal Server Error just like you). Try protecting a directory in the WWW directory (probably /var/www).

Martin
0
 

Author Comment

by:danGynn
ID: 1845698
Oh, that was the problem why I got the error.  But now that the directory is in the WWW directory, I added the .htaccess file again and viewed the page, but it just showed the page with no login prompt.
0
 
LVL 4

Expert Comment

by:martinag
ID: 1845699
Hmmm...
Aah, now I remember. I had the same problem when I did this myself and it turned out to be a setting thing.
In /etc/apache/settings.conf you'll find this line:
  AllowOverride None
Change to
  AllowOverride All

I usually comment out the old line and add a comment on why I changed and the date. Example:
  # AllowOverride None
  # Changed 27/1/98 to make Apache read the .htaccess files
  AllowOverride All

Martin
0
 

Author Comment

by:danGynn
ID: 1845700
I don't seem to have an apache directory.  Any ideas on where else that file may be?  Also, will I be able to access that login name after some one logs in?
0
 
LVL 4

Expert Comment

by:martinag
ID: 1845701
Hmm... I'll check out where it could be.

The name (danGynn, martinag etc) will be stored in the environment variable REMOTE_USER.
For example, if you use Perl, you'd use
  $ENV{'REMOTE_USER'}

Note that you can't access the password.

Martin
0
What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

 
LVL 4

Expert Comment

by:martinag
ID: 1845702
I haven't found any kind of list like 'the ten most common paths to the Apache directory', so you'll have to do a search (this may take some time...):
find / -name apache -print

Write the list down and try the directories one by one...

Martin
0
 

Author Comment

by:danGynn
ID: 1845703
I believe that I found the file, although, in my version of Apache it is called access.conf.  But it seems to be the right one.  I think that I need to do a restart on the web server though before it takes effect.  Do you remember the command oh hand?
0
 

Author Comment

by:danGynn
ID: 1845704
Okay, I restarted the web server after adding the 'AllowOverride All' line, but it still is just showing the page without a login prompt.
0
 
LVL 4

Expert Comment

by:martinag
ID: 1845705
Did you change 'the right' AllowOverride? In access.conf you might have many blocks of <Directory xxx> ... </Directory>.
Did you change the AllowOverride inside <Directory /var/www></Directory>?

Did you remember the dot in .htaccess?

I can't think of much more that could be wrong. Maybe you'll get some help from http://www.apache.org/docs/misc/FAQ.html

BTW, How did you restart Apache? Here's how to do it properly: http://www.apache.org/docs/stopping.html
You'll find the PidFile location in /etc/apache/httpd.conf

Martin
0
 

Author Comment

by:danGynn
ID: 1845706
martinag:

Hey, thanks a lot for your help!  It's doing what I want it to now.  Answer the question for the points.

Dan
0
 
LVL 4

Accepted Solution

by:
martinag earned 100 total points
ID: 1845707
Ok.
In case I see this question again... What was wrong?

Martin
0
 

Author Comment

by:danGynn
ID: 1845708
I'm not really sure what was wrong exactly.  I followed the instructions from the Apache FAQ.  One of the differences was the order of lines in the .htaccess file.  The other was instead of AllowOverride All, I used AllowOverride AuthConfig.  I'm not sure which it was though.  Thanks for the help though.
0
 
LVL 4

Expert Comment

by:martinag
ID: 1845709
Any time :-)

Martin
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

Use these top 10 tips to master the art of email signature design. Create an email signature design that will easily wow recipients, promote your brand and highlight your professionalism.
This article discusses how to create an extensible mechanism for linked drop downs.
In this tutorial viewers will learn how to code links for mobile sites that, once clicked, send a call or text to a specified number. For a telephone link (once clicked, calls a number), begin with a normal "<a href=" link tag. For the href, specify…
The viewer will learn the basics of jQuery including how to code hide show and toggles. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now