
.htaccess Basic HTTP Authentication in Windows

May 7th, 2008

Once again, writing as a personal note, and hopefully as something that could end up being helpful for others.

I struggled quite a bit a few days ago trying to set up simple HTTP authentication (.htaccess + .htpasswd) on my development machine at work (Windows XP). It just wouldn’t work: the same pair of files that worked successfully on the remote testing server (Linux) resulted in failed authentications on my dev machine.

After a lot of research, I discovered the cause: .htpasswd passwords should not be encrypted under Windows! It took some time to find out about this, especially considering every single example of simple HTTP authentication I could find was scoped to Linux (including the many .htaccess generators out there).

In short, the lesson is:

When using .htpasswd files under Windows, leave the password as plain text.

So, for example, to protect a given cave directory with user name alibaba and password opensesame, you’d have an .htaccess in the parent directory such as

AuthType Basic
AuthName "Cave"
AuthUserFile /path/to/password/.htpasswd
Require valid-user

with the corresponding .htpasswd file in /path/to/password/ (remember this path is relative to the root of the volume where Apache is running from)

alibaba:opensesame

while in Linux, the .htpasswd file would read

alibaba:b3xT.a9Xe7LsM
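
An added example, not part of the original post: a small Python check that classifies each .htpasswd entry by format and reports whether Apache on a given platform can verify it, run over the post's two alibaba entries. It goes slightly beyond the post by also recognising the $apr1$, {SHA} and $2y$ formats, which Apache's password-format documentation lists as working on both platforms; the function names and the WORKS_ON table are this example's own.

```python
import base64
import hashlib
import re

# Platforms on which Apache verifies each AuthUserFile password format
# (per Apache's "Password Formats" documentation).
WORKS_ON = {
    "apr1-md5": {"windows", "unix"},
    "sha1": {"windows", "unix"},
    "bcrypt": {"windows", "unix"},   # Apache 2.4 and later
    "crypt": {"unix"},               # needs the system crypt(3)
    "plaintext": {"windows"},        # what the post ends up using
}

def classify(stored):
    """Guess the scheme of the part after 'user:' in an .htpasswd line."""
    if stored.startswith("$apr1$"):
        return "apr1-md5"
    if stored.startswith("$2y$"):
        return "bcrypt"
    if stored.startswith("{SHA}"):
        return "sha1"
    # Traditional crypt(3) output is 13 characters from [./0-9A-Za-z];
    # a 13-character plain password in that alphabet would look the same.
    if re.fullmatch(r"[./0-9A-Za-z]{13}", stored):
        return "crypt"
    return "plaintext"

def audit(htpasswd_text, platform):
    """Return (user, scheme, usable_on_platform) for every entry."""
    rows = []
    for line in htpasswd_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        user, stored = line.split(":", 1)
        scheme = classify(stored)
        rows.append((user, scheme, platform in WORKS_ON[scheme]))
    return rows

def sha_entry(user, password):
    """Build a '{SHA}' line: Base64 of the SHA-1 digest (unsalted)."""
    digest = hashlib.sha1(password.encode("utf-8")).digest()
    return f"{user}:{{SHA}}{base64.b64encode(digest).decode('ascii')}"

if __name__ == "__main__":
    sample = "alibaba:opensesame\nalibaba:b3xT.a9Xe7LsM\n"  # the post's two entries
    for target in ("windows", "unix"):
        print(target, audit(sample + sha_entry("alibaba", "opensesame"), target))
```

{SHA} is unsalted SHA-1, so it only keeps the password out of the file in clear; where the htpasswd tool is available, its -m (apr1) or -B (bcrypt) output is the stronger portable choice.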

I hope this helps someone!