User authentication in XAMPP with Apache webserver under Windows
What is the starting point?
Sometimes you need a little project on a web server under Windows. Other packages exist, but XAMPP has become established for this task and is widely used. XAMPP comes with the Apache web server, a DB, PHP and Perl. It is easy to install, even for non-experts.
Parts of the web server or its applications may need access restriction and user authentication. One way to implement this is the .htaccess mechanism.
Why use the .htaccess mechanism?
With the file .htaccess you can configure user authentication without changing the Apache configuration files. Because the first character of the file name is a dot, the file will be hidden in the directory in simple usage cases.
The file can be created with a text editor. Make sure the name is exactly ".htaccess" (without the quotation marks), with no further file name extension. Then copy it to the website directory which you want to secure.
Be sure to place the file .htaccess exactly in the directory you want the user authentication to apply to. The settings in this .htaccess will affect everything in this directory and in the directories below it.
______________________________________________
This is not needed with XAMPP, but if you use a Linux server or a Raspberry Pi you have to activate the .htaccess file:
Activate the .htaccess file
The activation has to be done in the Apache configuration to allow the .htaccess to override the Apache config settings. BTW, you need sudo rights to do this.
    sudo nano /etc/apache2/sites-available/default
Or instead of nano use your preferred editor. When editing this file, enter the necessary content:
    <Directory /var/www/>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride All
        Order allow,deny
        allow from all
    </Directory>
After saving this file, restart Apache:
    sudo service apache2 restart
______________________________________________
Create the new .htaccess file
If you installed XAMPP in D:\XAMPP and your application is in the directory D:\XAMPP\htdocs\myapp (with the subdirectory cgi-bin), then edit the .htaccess file this way (again, choose your preferred editor instead of nano):
    nano D:/XAMPP/htdocs/myapp/.htaccess
.. and enter the content:
    AuthUserFile /xampp/usr/.htpasswd
    AuthGroupFile /dev/null
    AuthName "Please Enter Password"
    AuthType Basic
    Require valid-user
Create the .htpasswd file
Besides the .htaccess file you need the user authentication file .htpasswd. Place it outside the web home directory, i.e. as the sibling directory usr in this path: D:/XAMPP/usr
To create the file, use the web server's password creation application htpasswd (for XAMPP in D:\xampp\apache\bin\):
    D:\xampp\apache\bin\htpasswd -c -b D:\xampp\usr\.htpasswd jsmith awesome
This will create a line in the .htpasswd file looking like this:
    jsmith:VtweQU73iyETM
I had another case where the generated encrypted password was different and much longer. To be sure, use the htpasswd application every time. The switch -c creates a new file and the switch -b tells htpasswd to use the password given on the command line.
The first time I tested these steps, it unfortunately didn't work. The solution had several parts. One was using the password generation application htpasswd instead of creating the password with the simple crypt() function. In the case of XAMPP under Windows, the line ending had to be Windows style with \r\n (carriage return + line feed) instead of the Linux style used on a Linux system, which consists only of \n (line feed or new line).
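The following Python audit is an added example, not part of the original post: it names the hash scheme of each .htpasswd entry (the 13-character crypt value shown above versus the longer formats htpasswd can write), reports the file's line-ending style, and checks that the file sits outside the document root. The sample content, the user alice, the ratings and all function names are constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# (scheme name, pattern for the stored value, example rating) in match order.
SCHEMES = [
    ("bcrypt", re.compile(r"\$2[aby]\$\d\d\$[./A-Za-z0-9]{53}"), "strong"),
    ("apr1-md5", re.compile(r"\$apr1\$[./A-Za-z0-9]{1,8}\$[./A-Za-z0-9]{22}"), "legacy"),
    ("sha1", re.compile(r"\{SHA\}[A-Za-z0-9+/]{27}="), "weak"),
    ("crypt-des", re.compile(r"[./A-Za-z0-9]{13}"), "weak"),
]

def classify(stored):
    """Name the hash scheme of one stored password field."""
    for name, pattern, rating in SCHEMES:
        if pattern.fullmatch(stored):
            return name, rating
    return "unknown-or-plaintext", "weak"

def line_endings(data):
    """Report 'crlf', 'lf', 'mixed' or 'none' for raw file bytes."""
    crlf = data.count(b"\r\n")
    lf = data.count(b"\n") - crlf  # line feeds not preceded by \r
    if crlf and lf:
        return "mixed"
    return "crlf" if crlf else "lf" if lf else "none"

def audit(data):
    """Map each user in raw .htpasswd bytes to (scheme, rating)."""
    result = {}
    for line in data.decode("utf-8", "replace").splitlines():
        if not line.strip() or line.startswith("#") or ":" not in line:
            continue  # blank lines and comments carry no credentials
        user, _, rest = line.partition(":")
        result[user] = classify(rest.split(":")[0].strip())
    return result

def inside_docroot(htpasswd_path, docroot):
    """True if the password file lies under the document root."""
    return PureWindowsPath(htpasswd_path).is_relative_to(PureWindowsPath(docroot))

# Constructed sample: the crypt line shown on this page plus a made-up
# $apr1$ entry (not a real hash), with deliberately mixed line endings.
SAMPLE = (b"jsmith:VtweQU73iyETM\r\n"
          b"alice:$apr1$examplsa$" + b"x" * 22 + b"\n")

if __name__ == "__main__":
    print(line_endings(SAMPLE), audit(SAMPLE))
    print(inside_docroot(r"D:\xampp\usr\.htpasswd", r"D:\xampp\htdocs"))
```

To audit a real file, read it in binary mode and pass the bytes to audit() and line_endings(), so the original line endings are preserved.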
If you have difficulties don't hesitate to contact me.