How to Implement Apache Digest Authentication

I decided to repost this, because I had accidentally assigned it to the wrong zone(s).

I am looking to password protect my entire www directory.  I am assuming that by protecting the root directory, all sub directories will in turn be password protected.  If I'm wrong on that, please let me know.  I have read a little bit about this, but I cannot make it work for me.  Here's what I've done:

I have created a .htpasswd file located in c:\wamp\pass  It looks like this:
propmain32:realm:a913a91c2c1fb7c19f23a96bab0d45aa

I created an .htaccess file located in the www root dir which looks like this:
AuthDigestFile c:/wamp/pass
AuthType Digest
AuthName "propmain23"
Require user test

I uncommented this line in my .conf file:
LoadModule auth_digest_module modules/mod_auth_digest.so

I am not getting any results after I restart my server.  My page still loads up without a password prompt. I'm sure it's something stupid that I'm doing; please let me know what I need to do.  Thanks for reading.
thedeal56Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Michael WorshamInfrastructure / Solutions ArchitectCommented:
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
thedeal56Author Commented:
I followed the steps in that example, and I am now seeing an internal server error.  Here's the message in the error log:
C:/wamp/www/.htaccess: Invalid command 'AuthDigestFile', perhaps misspelled or defined by a module not included in the server configuration

Thanks for helping me out.
0
thedeal56Author Commented:
Oh yeah....Here's the revised .htaccess:

AuthDigestFile /wamp/pass/.htpasswd
AuthType Digest
AuthName "propmain"
AuthDigestDomain  http://www3.murfreesborotn.gov/
AuthDigestNonceLifetime 300
require valid-user

I'm still confused on how to include the path to the password file.  Every example I see starts out like /somedir/someotherdir/ Which path is this relative to?  What comes before the first slash?  Should I read it like c:/somedir/someotherdir/  or is it assuming that it's in my www dir.  If so, should I read it like www/somedir/someotherdir?  
0
Cloud Class® Course: MCSA MCSE Windows Server 2012

This course teaches how to install and configure Windows Server 2012 R2.  It is the first step on your path to becoming a Microsoft Certified Solutions Expert (MCSE).

thedeal56Author Commented:
I changed AuthDigestFile to AuthUserFile.  Now I can get the password screen, but it will not accept my username and pass.  I've got a feeling it has something to do with the path to the password file.
0
thedeal56Author Commented:
Alright, I got the previous problems figured out.  Now, my error log says this:

Digest: user propmain32: password mismatch: /

I was pretty sure that I made the password file correctly, but I'll give it another shot and see what I can come up with.  Here's the new pw file:

propmain32:TEST:TYXPw93quICfE
0
Michael WorshamInfrastructure / Solutions ArchitectCommented:
When you use 'AuthUserFile', the AuthType must be 'Basic' not Digest.

0
thedeal56Author Commented:
Ok, I got it worked out.  Thanks for your help
0
thedeal56Author Commented:
Oh, sorry.  I didn't see your last post.  I was looking to use Digest.  I read that it was a little more secure.  Is it a good idea to use Digest?
0
Michael WorshamInfrastructure / Solutions ArchitectCommented:
Yes, Digest uses MD5 for the password scheme.
0
thedeal56Author Commented:
Here's my current, working .htaccess file:

AuthUserFile /pass/.htpasswd
AuthType Digest
AuthName "TEST"
AuthDigestDomain  http://www3.murfreesborotn.gov/
AuthDigestNonceLifetime 300
require valid-user

I'm using AuthUserFile instead of AuthDigestFile, but my AuthType is still Digest.  It appears to be working, but am I actually protecting my page using Digest since I'm not user AuthDigestFile?
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Apache Web Server

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.