Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

http authentication

Posted on 2003-03-05
11
Medium Priority
?
214 Views
Last Modified: 2010-03-04
Hi,
I am trying to implement basic http authentication for my webpages. I am running Apache on a win2k pc.

I edited httpd.conf setting - AllowOverride All, created a .htaccess file in the web dir, ran htpasswd for creating an users file..

So far everthying went fine and when i try to access the homepage of the web dir, i get the authentication window, BUT none of the usernames/passwords are accepted. the site, realm all show up fine but the users info is not being validated ok.. What is the problem??

thnx in adv,
sgaucho
0
Comment
Question by:sgaucho
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
  • 2
  • +1
11 Comments
 

Expert Comment

by:jsignal
ID: 8075034
Have you double checked the encrypted passwords are correct in your .htaccess file?  That's the obvious first thing to check.
0
 

Expert Comment

by:jsignal
ID: 8075094
Have you double checked the encrypted passwords are correct in your .htaccess file?  That's the obvious first thing to check.
0
 
LVL 15

Expert Comment

by:samri
ID: 8077576
Could you post your .htaccess

Docs: http://httpd.apache.org/docs/howto/auth.html
0
 [eBook] Windows Nano Server

Download this FREE eBook and learn all you need to get started with Windows Nano Server, including deployment options, remote management
and troubleshooting tips and tricks

 

Author Comment

by:sgaucho
ID: 8078996
Hi,

afaik, i hv followed the instructions to the last detail as provided with the apache docs, however they all pertain to apache running on linux, not on windows.. I had http auth working fine on linux sometime ago..

my .htaccess  :

AuthType Basic
AuthUserFile C:\apache\bin\users.txt
AuthName "etax"
Require valid-user

p.s: note, its users.txt and not users.. if i put just users, nothing works...

any suggestions??
thnx,
sg
0
 
LVL 15

Expert Comment

by:samri
ID: 8079051
sg,

this is what I had on my Win2K machine;
--------
AuthType                Basic
AuthName                "My access"
AuthUserFile            "C:/Websites/.htpasswd"
AuthAuthoritative       on
require                 valid-user
Satisfy                 any
-------

and make sure you c:\apache\bin\users.txt is created using htpasswd.exe

And make sure you had (at least):
AllowOverride AuthConfig
in the Directory (or resource) you need to limit access).  By default it was set to none (When this directive is set to None, then .htaccess files are completely ignored. In this case, the server will not even attempt to read .htaccess files in the filesystem.)

http://httpd.apache.org/docs/mod/core.html#allowoverride
0
 

Author Comment

by:sgaucho
ID: 8079142
Hi Samri,

followed ur suggestions but nothing yet..  I hv set AllowOverride ALL

Further, please clarify a couple of things..
1. AuthUserFile shud hv the path to the file containing the usernames and passwords right? not the .htpasswd ??

2. the .htaccess file i created was like this:
 opened notepad,
 inserted the lines,
 saved the file as ".htaccess" (without a filename)

thats it.. is this ok??
thnx,
sg
0
 
LVL 15

Expert Comment

by:samri
ID: 8079191
1. The AuthUSerFile should be that file that has user:encrypted password.  In my ssytem this is what I had.

C:\Websites>more .htpasswd
user1:$apr1$R61.....$LPLfgBsj2uafu4IVbak/.1
user2:$apr1$kf5.....$ToZz282U.6sqHjQEwbErc0
user2:$apr1$gF/.....$ZyHR9zT9PnfBFY6FXpmZb1


2.  You need to create this file using htpasswd.exe which comes with apache.  For apache 1.3 look in c:/program files/apache group/apache/bin/

SOme docs on htpasswd;
C:\Program Files\Apache Group\apache\bin>htpasswd
Usage:
        htpasswd [-cmdps] passwordfile username
        htpasswd -b[cmdps] passwordfile username password

        htpasswd -n[mdps] username
        htpasswd -nb[mdps] username password
 -c  Create a new file.
 -n  Don't update file; display results on stdout.
 -m  Force MD5 encryption of the password (default).
 -d  Force CRYPT encryption of the password.
 -p  Do not encrypt the password (plaintext).
 -s  Force SHA encryption of the password.
 -b  Use the password from the command line rather than prompting for it.
On Windows, TPF and NetWare systems the '-m' flag is used by default.
On all other systems, the '-p' flag will probably not work.

C:\Program Files\Apache Group\apache\bin>

---
So first time you would be using;
htpasswd -c .htpasswd username
----
C:\Program Files\Apache Group\apache\bin>htpasswd -c .htpasswd samri
Automatically using MD5 format on Windows.
New password:
Re-type new password:
Adding password for user samri

C:\Program Files\Apache Group\apache\bin>
---
for adding/modifying user (subsequent) just do not use -c switch.  TO delete just open the file and delete the line that you want to delete.  The file is a standard text file.

I hope this help.
0
 

Author Comment

by:sgaucho
ID: 8079212
YEs, thats exactly what i had done ... the file i am referring to users.txt has some key-value pairs , i mean, username:md5 encrypted psswd.

The authentication window just doesnt accept my password!

any more suggestions..  Can u please send me the exact lines to be altered in the httpd.conf file?? would like to crosscheck again..

thnx much,
sg
0
 
LVL 1

Expert Comment

by:JOligario
ID: 8081355
Are you running IIS in the background or is this a dual boot system?
0
 

Author Comment

by:sgaucho
ID: 8081729
I hv IIS installed but its currently shutdown.. and no this is not a dual boot system...
0
 
LVL 15

Accepted Solution

by:
samri earned 150 total points
ID: 8086674
some example in my system;
Make sure you had mod_auth.c module is loaded;

AddModule mod_auth.c


<Directory />
    Options FollowSymLinks
    AllowOverride None
#    AllowOverride AuthConfig
</Directory>


Alias /Admin "C:/Websites/Admin"
<Directory "C:/Websites/Admin">
    Options Indexes FollowSymLinks MultiViews ExecCGI
    AllowOverride AuthConfig
    Order allow,deny
    Allow from 192.168.0.1
</Directory>


.htaccess in c:\websites\admin
AuthType                Basic
AuthName                "Administrative"
AuthUserFile            "C:/Websites/.htpasswd"
AuthAuthoritative       on
require                 valid-user
Satisfy                 any

.htpasswd <as posted before>
0

Featured Post

Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

As Wikipedia explains 'robots.txt' as -- the robot exclusion standard, also known as the Robots Exclusion Protocol or robots.txt protocol, is a convention to prevent cooperating web spiders and other web robots from accessing all or part of a websit…
Introduction This article is intended for those who are new to PHP error handling (https://www.experts-exchange.com/articles/11769/And-by-the-way-I-am-New-to-PHP.html).  It addresses one of the most common problems that plague beginning PHP develop…
In this video, Percona Director of Solution Engineering Jon Tobin discusses the function and features of Percona Server for MongoDB. How Percona can help Percona can help you determine if Percona Server for MongoDB is the right solution for …
In this video, Percona Solution Engineer Rick Golba discuss how (and why) you implement high availability in a database environment. To discuss how Percona Consulting can help with your design and architecture needs for your database and infrastr…
Suggested Courses

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question