Old:Basic authentication and redirection

Revision as of 21:02, 17 July 2008 by Ric (talk | contribs) (New page: <span id="top"></span> <div style="padding:0;margin:0; border-bottom:3px inset #000000"> {| | MPG UniCenter || Extending Apache’s basic authentication usin...)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.

MPG UniCenter

Extending Apache’s basic authentication using mod rewrite.

Power of htaccess and mod rewrite - 3.5-Apollo

This write-up looks at extending Apache’s basic authentication allowing users to log-in to individual pages or folders. Each user is allocated a unique name and password, users are validated using Apache’s basic authentication once logged in are redirected using mod rewrite to the appropriate page or folder .

Private Server

Uniform Server already has this authentication mechanism in place.

Name-password pairs are stored in the file .htpasswd located in folder *\Uniform Server\udrive\htpasswd\www it has the default pair root:root (order name:password)

To enable Uniform Server as a private server open the file .htaccess contained in folder www and uncomment the following four lines as shown:

AuthName "Uniform Server - Server Access"
AuthType Basic
AuthUserFile /htpasswd/www/.htpasswd
Require valid-user

Run the servers, type http:/localhost into your browser address bar and you will be challenged for a user name and password, to gain access enter root and root.

The htaccess file protects the folder it’s contained in and all sub-folders hence if you try to directly access a page anywhere on the server you will be challenged. Validation is stored meaning you are required to authenticate only once and will not be challenged again.

Note 1: When testing this can be a problem because you need to reset the stored validation the only way I know of doing this is to restart the browser. This breaks the server link removing any stored information. Another minor irritation is stored pages in the browser cache; clean this to avoid misleading results.

Generally you would like to have an Internet presence hence do not want to protect the entire server only a small area. On the main index page you would provide a login link to this protected area. Its possible to restrict users to a single page or restrict them to a private folder, I cover these two options below.

Note 2: Before continuing restore the above four lines back to their defaults as shown below:

#AuthName "Uniform Server - Server Access"
#AuthType Basic
#AuthUserFile /htpasswd/www/.htpasswd
#Require valid-user

Top

Private page

Apache's basic authentication is not very flexible however you can bend it a little using mod rewrite and create something usful without the need for any scripting such as PHP or Perl.

You must use a secured server so name/password pair and personal data on a page are encrypted. That said you can test on a standard Uniform Server installation.

This solution uses only a .htacces file with mode-rewrite performing the redirection this example demonstrates the concept.

  1. I have created a folder named secure in the root folder www.
    1. Folder secure contains John.html, Dave.html and Mike.html these are the personal data pages.
    2. This folder also contains an index.html page which states something like “you need to login” it a default should the login fail.
  1. My main index page in the root folder www contains the following link:
    <a href="secure/index.html">Secure login</a>
    When clicked takes me to the protected folder.
  2. Open the file .htpasswd located in folder *\Uniform Server\udrive\htpasswd\www delete its content and add name/password pairs e.g
    John:21
    Dave Smith:22
    Mike:23
    

    Use real passwords e.g Mst23Xfrs (21,22,23 makes it easier to test).

    Note: You can use spaces in the name.

  3. Copy .htaccess from the root folder www to folder secure (this saves the pain of creating one) once copied open the file delete its contents and add the following:
    AuthName "Please Login or whatever you would like displayed"
    AuthType Basic
    AuthUserFile /htpasswd/www/.htpasswd
    Require valid-user
    
    Options +FollowSymLinks
    RewriteEngine On
    RewriteBase /secure
    
    RewriteCond %{REMOTE_user} ^John$
    RewriteRule (.*) John.html [L]
    
    RewriteCond %{REMOTE_user} ^Dave\ Smith$
    RewriteRule (.*) Dave.html [L]
    
    RewriteCond %{REMOTE_user} ^Mike$
    RewriteRule (.*) Mike.html [L]
    
    • Each page to be protected requires two lines the first checks user name (all names must be unique, limitation of using this method, a user will have been validated with password however this is not accessible by the rewrite engine hence redirection on name only.)
    • The second line redirects to the appropriate page note the (.*) means any page requested by that user will be mapped to the page that follows the (.*) [L] last rule.
    • If for whatever reason no match is found it drops out of this and picks up the index page.

    Note 1: The space between Dave Smith needs to be escaped using a backslash “\ “ (without the quotes)

    Note 2: You will need to restart your browser to re-login.

    Again I stress the need for encryption because when using http, name/password is sent in plain text.


    Top

    Private folder

    This page is a DRAFT hence locked.

    If I have time will be complete by the weekend!!!

    xxxxxxxxxxxxxx


    Top


      Ric