Setting up HTTP Basic authentication with Apache

Last week, I had a chance to setup our test Apache server for Basic and Digest authentication. The setup was required to verify few of the HTTP authentication related test cases.

I’m blogging it here so that I’ll not forget, if I need it again :)

I had WAMP Server v2.0  which included Apache v2.2.11 web server.

Setting up Basic authentication was straight forward.

1. Update http.conf by adding :

AccessFileName htaccess.acl .htaccess

An htaccess file can be used to modify the Apache configuration on a per-directory basis.

On some operating systems ‘htaccess.acl’ is not required. Ex, on Linux, you can just mention it as .htaccess. This is because, on Linux you can create a file with name .htaccess.

2. Add “Directory” tag into http.conf as shown below :

<Directory "c:/wamp/www/basic-auth/">
    Options None
    AllowOverride all
    Order Deny,Allow
</Directory>

c:/wamp/www/basic-auth/ is the folder which needs to be secured by the authentication scheme which we are trying to impose.

3. Next step is to create password file.

cd C:\wamp\bin\apache\Apache2.2.11\bin
htpasswd -c pwd.txt prash

This prompts for the password for the username – ‘prash’. After supplying the password we will be ready with the password file – ‘pwd.txt’ under ‘C:\wamp\bin\apache\Apache2.2.11\bin’.

4. Create the htaccess file - ‘htaccess.acl’ file with the following data.

AuthUserFile C:\wamp\bin\apache\Apache2.2.11\bin\pwd.txt
AuthName "Protected"
AuthType Basic

<Limit GET POST>
require valid-user
</Limit>

This specifies which password file need to be considered for the authentication – ‘C:/wamp/bin/apache/Apache2.2.11/bin/pwd.txt’ also the type of authentication scheme – Basic.

Place this file under the folder ‘c:/wamp/www/basic-auth/’ along with other live data and restart the server.

Now, try accessing the folder http://localhost/basic-auth. This should prompt for username and password.

Reference : http://httpd.apache.org/docs/2.2/mod/mod_auth_basic.html