.htaccess Basic HTTP Authentication in Windows

Once again, writing as a personal note, and hopefully as something that could end up being helpful for others.

I struggled quite a bit a few days ago trying to set up simple HTTP authentication (.htaccess + .htpasswd) on my development machine at work (Windows XP). It just wouldn’t work: the same pair of files that worked successfully on the remote testing server (Linux) resulted in failed authentications on my dev machine.

After a lot of research, I discovered the cause: .htpasswd passwords should not be encrypted under Windows! It took some time to find out about this, especially considering every single example of simple HTTP authentication I could find was scoped to Linux (including the many .htaccess generators out there).

In short, the lesson is:

when using .htpasswd files under Windows, leave the password as plain text.

So, for example, to protect a given cave directory with user name alibaba and password opensesame, you’d have an .htaccess in the parent directory such as

AuthType Basic
AuthName "Cave"
AuthUserFile /path/to/password/.htpasswd
Require valid-user

with the corresponding .htpasswd file in /path/to/password/ (remember this path is relative to the root of the volume where Apache is running from)

alibaba:opensesame

while in Linux, the .htpasswd file would read

alibaba:b3xT.a9Xe7LsM
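
An added example, not from the original post: a small Python audit that classifies each .htpasswd entry by storage scheme. It shows why the Linux file above fails on Windows: Apache httpd accepts crypt() hashes on Unix only, while $apr1$, {SHA} and bcrypt entries are accepted on both platforms. The function names and the carol/dave sample lines are constructed for illustration, and the crypt/plaintext split is a heuristic on the stored string.

```python
import re

# Traditional DES crypt() output: exactly 13 chars from this alphabet.
CRYPT_RE = re.compile(r"[./0-9A-Za-z]{13}")

# Self-describing schemes: (prefix, scheme, platforms where httpd accepts it)
PREFIXED = [
    ("$2y$", "bcrypt", "all (httpd 2.4+)"),
    ("$apr1$", "apr1-md5", "all"),
    ("{SHA}", "sha1", "all"),
]

# Constructed sample; only the two alibaba lines come from the post, and the
# carol/dave values are shape-only placeholders, not real hashes.
SAMPLE = """\
# demo password file
alibaba:opensesame
alibaba:b3xT.a9Xe7LsM
carol:$apr1$EXAMPLE0$notARealHashJustAShape
dave:$2y$05$notARealHashJustAShape
"""

def classify(secret):
    """Return (scheme, platforms) for the part after 'user:'."""
    for prefix, scheme, platforms in PREFIXED:
        if secret.startswith(prefix):
            return scheme, platforms
    if CRYPT_RE.fullmatch(secret):
        # Heuristic: a 13-char plaintext password would look the same.
        return "crypt", "unix-only"
    return "plaintext", "windows/netware-only"

def audit(text):
    """Classify every entry; returns [(line_no, user, scheme, platforms)]."""
    rows = []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):  # httpd skips these lines too
            continue
        user, sep, secret = line.partition(":")
        rows.append((n, user, *classify(secret)) if sep
                    else (n, user, "malformed", "none"))
    return rows

def needs_attention(rows):
    """Entries that are platform-specific, stored in the clear, or malformed."""
    return [(n, u, s) for n, u, s, _ in rows
            if s in ("crypt", "plaintext", "malformed")]

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(row)
```

Running needs_attention over the sample flags both alibaba lines: the plaintext one because the password is readable by anyone who can read the file, and the crypt one because it only authenticates on Unix builds.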

I hope this helps someone!
