User authentication in XAMPP with Apache webserver under Windows

What is the starting point?

Under some circumstances there may be the need for a litte project on a webserver under Windows. There may exist more applications than this, but XAMPP has gained space in this task area and its utilisation is spread wide. XAMPP comes with Apache webserver, a DB, PHP and Perl. It is easy to install also by non-experts.

For some reasons parts of the webserver or its applications may have the need for restriction and user authentication. One way to implement this is the use of the .htaccess mechanism.

Why to use .htaccess mechanism?

With the file .htaccess you have the possibility to configure the user authentication without the need to change the Apache configuration files. Because the first character of the file name is a dot the file will be hidden in the directory for simple usage cases.

The file can be created with a text editor. Pay attention to give as the name only ".htaccess" (without the quotation marks) without a further file name extension. Then copy it to the website directory which you want to secure.

Be sure to place the file .htaccess exactly in the directory you want the user authentication to apply to. The settings in this .htaccess will affect everything in this directory and the below placed directories.

______________________________________________

Not with XAMPP - but in case you would use a Linux server or a Raspberry Pi you would have to activate the .htaccess file:

Activate the .htaccess file

The activation has to be done in the Apache configuration to allow the .htaccess to override the Apache config settings. BTW you need sudo rights to do this.

sudo nano /etc/apache2/sites-available/default

Or instead of nano use your prefered editor. In editing this file input the necessary content:

 <Directory /var/www/>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride All
                Order allow,deny
                allow from all
 </Directory>

After saving this file do a restart for Apache

 sudo service apache2 restart

______________________________________________

Create the new .htaccess file

If you did install XAMPP in D:\XAMPP and your application is in directory D:\XAMPP\htdocs\myapp (with underlying directory cgi-bin) then edit the .htaccess file this way (again, choose your prefered editor instead of nano):

nano D:/XAMPP/htdocs/myapp/.htaccess

.. input the content:

AuthUserFile /xampp/usr/.htpasswd
AuthGroupFile /dev/null
AuthName "Please Enter Password"
AuthType Basic
Require valid-user

Create the .htpasswd file

Besides the .htaccess file you need the user authentication file .htpasswd . Place it outside the web-home dir i.e. as sibbling usr in this path: D:/XAMPP/usr
To create the file use the webserver password creation application htpasswd (for XAMPP in D:\xampp\apache\bin\).

 D:\xampp\apache\bin\htpasswd -c -b D:\xampp\usr\.htpasswd jsmith awesome

This will create a line in the .htpasswd file looking like this: jsmith:VtweQU73iyETM
I had another case where the generated encrypted password was different and much longer. To be sure, every time use the htpasswd application. The switch -c creates a new file and the switch -b tells the generation to use the password given at the command line.

First time I did test it with these steps, unfortunately it didn't work. The solution included more parts. One was the usage of the password generation application htpasswd instead of creating it by using the simple crypt() function. In case of XAMPP under Windows the line ending had to be Windows style with \r\n (carriage return + line feed) instead of Linux style under a Linux system which consists only of \n (line feed or new line).

If you have difficulties don't hesitate to contact me.