[Webinar] Streamline your web hosting managementRegister Today

x
?
Solved

http authentication

Posted on 2003-03-05
11
Medium Priority
?
215 Views
Last Modified: 2010-03-04
Hi,
I am trying to implement basic http authentication for my webpages. I am running Apache on a win2k pc.

I edited httpd.conf setting - AllowOverride All, created a .htaccess file in the web dir, ran htpasswd for creating an users file..

So far everthying went fine and when i try to access the homepage of the web dir, i get the authentication window, BUT none of the usernames/passwords are accepted. the site, realm all show up fine but the users info is not being validated ok.. What is the problem??

thnx in adv,
sgaucho
0
Comment
Question by:sgaucho
  • 4
  • 4
  • 2
  • +1
11 Comments
 

Expert Comment

by:jsignal
ID: 8075034
Have you double checked the encrypted passwords are correct in your .htaccess file?  That's the obvious first thing to check.
0
 

Expert Comment

by:jsignal
ID: 8075094
Have you double checked the encrypted passwords are correct in your .htaccess file?  That's the obvious first thing to check.
0
 
LVL 15

Expert Comment

by:samri
ID: 8077576
Could you post your .htaccess

Docs: http://httpd.apache.org/docs/howto/auth.html
0
Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

 

Author Comment

by:sgaucho
ID: 8078996
Hi,

afaik, i hv followed the instructions to the last detail as provided with the apache docs, however they all pertain to apache running on linux, not on windows.. I had http auth working fine on linux sometime ago..

my .htaccess  :

AuthType Basic
AuthUserFile C:\apache\bin\users.txt
AuthName "etax"
Require valid-user

p.s: note, its users.txt and not users.. if i put just users, nothing works...

any suggestions??
thnx,
sg
0
 
LVL 15

Expert Comment

by:samri
ID: 8079051
sg,

this is what I had on my Win2K machine;
--------
AuthType                Basic
AuthName                "My access"
AuthUserFile            "C:/Websites/.htpasswd"
AuthAuthoritative       on
require                 valid-user
Satisfy                 any
-------

and make sure you c:\apache\bin\users.txt is created using htpasswd.exe

And make sure you had (at least):
AllowOverride AuthConfig
in the Directory (or resource) you need to limit access).  By default it was set to none (When this directive is set to None, then .htaccess files are completely ignored. In this case, the server will not even attempt to read .htaccess files in the filesystem.)

http://httpd.apache.org/docs/mod/core.html#allowoverride
0
 

Author Comment

by:sgaucho
ID: 8079142
Hi Samri,

followed ur suggestions but nothing yet..  I hv set AllowOverride ALL

Further, please clarify a couple of things..
1. AuthUserFile shud hv the path to the file containing the usernames and passwords right? not the .htpasswd ??

2. the .htaccess file i created was like this:
 opened notepad,
 inserted the lines,
 saved the file as ".htaccess" (without a filename)

thats it.. is this ok??
thnx,
sg
0
 
LVL 15

Expert Comment

by:samri
ID: 8079191
1. The AuthUSerFile should be that file that has user:encrypted password.  In my ssytem this is what I had.

C:\Websites>more .htpasswd
user1:$apr1$R61.....$LPLfgBsj2uafu4IVbak/.1
user2:$apr1$kf5.....$ToZz282U.6sqHjQEwbErc0
user2:$apr1$gF/.....$ZyHR9zT9PnfBFY6FXpmZb1


2.  You need to create this file using htpasswd.exe which comes with apache.  For apache 1.3 look in c:/program files/apache group/apache/bin/

SOme docs on htpasswd;
C:\Program Files\Apache Group\apache\bin>htpasswd
Usage:
        htpasswd [-cmdps] passwordfile username
        htpasswd -b[cmdps] passwordfile username password

        htpasswd -n[mdps] username
        htpasswd -nb[mdps] username password
 -c  Create a new file.
 -n  Don't update file; display results on stdout.
 -m  Force MD5 encryption of the password (default).
 -d  Force CRYPT encryption of the password.
 -p  Do not encrypt the password (plaintext).
 -s  Force SHA encryption of the password.
 -b  Use the password from the command line rather than prompting for it.
On Windows, TPF and NetWare systems the '-m' flag is used by default.
On all other systems, the '-p' flag will probably not work.

C:\Program Files\Apache Group\apache\bin>

---
So first time you would be using;
htpasswd -c .htpasswd username
----
C:\Program Files\Apache Group\apache\bin>htpasswd -c .htpasswd samri
Automatically using MD5 format on Windows.
New password:
Re-type new password:
Adding password for user samri

C:\Program Files\Apache Group\apache\bin>
---
for adding/modifying user (subsequent) just do not use -c switch.  TO delete just open the file and delete the line that you want to delete.  The file is a standard text file.

I hope this help.
0
 

Author Comment

by:sgaucho
ID: 8079212
YEs, thats exactly what i had done ... the file i am referring to users.txt has some key-value pairs , i mean, username:md5 encrypted psswd.

The authentication window just doesnt accept my password!

any more suggestions..  Can u please send me the exact lines to be altered in the httpd.conf file?? would like to crosscheck again..

thnx much,
sg
0
 
LVL 1

Expert Comment

by:JOligario
ID: 8081355
Are you running IIS in the background or is this a dual boot system?
0
 

Author Comment

by:sgaucho
ID: 8081729
I hv IIS installed but its currently shutdown.. and no this is not a dual boot system...
0
 
LVL 15

Accepted Solution

by:
samri earned 150 total points
ID: 8086674
some example in my system;
Make sure you had mod_auth.c module is loaded;

AddModule mod_auth.c


<Directory />
    Options FollowSymLinks
    AllowOverride None
#    AllowOverride AuthConfig
</Directory>


Alias /Admin "C:/Websites/Admin"
<Directory "C:/Websites/Admin">
    Options Indexes FollowSymLinks MultiViews ExecCGI
    AllowOverride AuthConfig
    Order allow,deny
    Allow from 192.168.0.1
</Directory>


.htaccess in c:\websites\admin
AuthType                Basic
AuthName                "Administrative"
AuthUserFile            "C:/Websites/.htpasswd"
AuthAuthoritative       on
require                 valid-user
Satisfy                 any

.htpasswd <as posted before>
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If your site has a few sections that need to be secure when data is transmitted between the server and local computer, such as a /order/ section for ordering or /customer/ which contains customer data, etc it would of course be recommended to secure…
The title says it all. Writing any type of PHP Application or API code that provides high throughput, while under a heavy load, seems to be an arcane art form (Black Magic). This article aims to provide some general guidelines for producing this typ…
This video tutorial shows you the steps to go through to set up what I believe to be the best email app on the android platform to read Exchange mail.  Get the app on your phone: The first step is to make sure you have the Samsung Email app on your …
The video provides a quick and easy steps to migrate MBOX file to well known Outlook PST and Office 365. Besides this, it also supports and migrates more than 20 email clients of MBOX which include AppleMail, Opera, Thunderbird and SeaMonkey effortl…
Suggested Courses
Course of the Month7 days, 16 hours left to enroll

607 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question