Security Information and Review

Collection of security information and review

Controlling Access Web Application with Web Based Basic Authentication

Author : Admin

If we want to restrict access to our web based application, we can use web based authentication. In this discussion, we will learn how to protect our web based application with web based basic authentication. It’s simple authentication that it’s very common use in the world in various web server.

We can use our web server’s basic authentication scheme quite easily with .htaccess file in our web directory. In this example, we will restrict access to directory in our web based application : http://www.widyani.com/basic_auth. We can create and edit .htaccess file in the %DocumentRoot%/basic_auth, see following code :

1
2
3
4
5
 
	AuthType Basic
	AuthName “Restricted Access :: Private Only”
	AuthUserFile /path/to/application/basic_auth
	Require valid-user

We can also add configuration file in our web server configuration, for example, if we use Apache, edit and add configuration file like this :

1
2
3
4
5
6
7
 
<Location “/basic_auth/>
	AuthType Basic
	AuthName “Restricted Access :: Private Only”
	AuthUserFile /path/to/application/basic_auth
	Require valid-user
</Location>

After we have created above configuration, we need to generate user and password with htpasswd utility. See the following code to generate user : administrator and password with htpasswd utility.

1
2
3
 
	# generate user administrator
	htpasswd –c /path/to/basic_auth administrator

With the above command, -c option if we will create first user. If htpasswd is not in our path, we need to provide the path name. When creating a user, we will be asked to enter a new password.

Mohamad Widodo

Mohamad Widodo

Share and Enjoy: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Netvouz
  • DZone
  • ThisNext
  • MisterWong
  • Wists
  • Technorati
  • YahooMyWeb
  • Slashdot
  • StumbleUpon
Categories: Web Application Security
I want to quote your post in my blog. It can? And you et an account on Twitter?
25 December 09 at 23:54
If you like this posts, please leave messages / comments.