Apache Login Authentication not working

Question

Samyx 36 Junior Poster in Training

9 Years Ago

Hi guys,

I am trying to create a login page using apache mod_auth_form to authenticate users. Once the user is authenticated he/she should be able to access the main page.

# my public directory: #
C:/webroot/
regtrack_newSG.php

# my protected directory: #
C:/webroot/myapp/
regtrack_studysiteone.php

# my password file:
C:/Apache24/passwd/passwords

# .htaccess file under the protected directory: #

    AuthFormProvider file
    AuthUserFile "C:\Apache24\passwd\passwords" 
    AuthFormLoginRequiredLocation /regtrack_newSG.php
    AuthFormLoginSuccessLocation /myapp/regtrack_studysiteone.php
    AuthType form
    AuthName realm
    Session On
    SessionCookieName session path=/
    SessionCryptoPassphrase secret
    Require valid-user

# httpd config: #

    LoadModule auth_form_module modules/mod_auth_form.so

    DocumentRoot "c:/webroot"
    <Directory "c:/webroot">
        Options Indexes FollowSymLinks
        AllowOverride AuthConfig
        Order allow,deny
        Allow from all

    </Directory>

    <Directory "c:/webroot/myapp">
      Options FollowSymlinks
      AllowOverride AuthConfig
      Order allow,deny
      Allow from all
    </Directory>

    <Location /dologin>
        SetHandler form-login-handler
        AuthFormProvider file
        AuthUserFile "C:/Apache24/passwd/passwords" 
        AuthFormLoginRequiredLocation /regtrack_newSG.php
        AuthFormLoginSuccessLocation /myapp/regtrack_studysiteone.php
        AuthType form
        AuthName realm
        Session On
        SessionCookieName session path=/
        SessionCryptoPassphrase secret    
    </Location>


# my login page (regtrack_newSG.php): #

    <html>
    <form method="POST" action="/dologin">
    <b>Username:</b>  <input type="text" name="httpd_username" value="" /><br>
    <b>Password:</b>  <input type="password" name="httpd_password" value="" /><br>
    </TD></TR>
    <TR><TD align=center>
    <input type="submit" name="login" value="Login" /> 
    </form>
    </html>

## When entering an invalid user, it gives me this message: ##

"This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required."

## When entering a valid user, it gives me this message: ##

"The connection to the server was reset while the page was loading..."

# Apache Error log: #

[Fri Feb 13 08:46:59.346701 2015] [ssl:warn] [pid 7456:tid 440] AH01909: RSA certificate configured for OC.lacrn.LOCAL:8801 does NOT include an ID which matches the server name
[Fri Feb 13 08:46:59.487327 2015] [ssl:warn] [pid 7456:tid 440] AH01909: RSA certificate configured for OC.lacrn.LOCAL:8801 does NOT include an ID which matches the server name
[Fri Feb 13 08:46:59.491164 2015] [mpm_winnt:notice] [pid 7456:tid 440] AH00354: Child: Starting 64 worker threads.

I have no clue why it is happening. Can anyone help me?

Thank you.

apache php

Edited 9 Years Ago by Dani because: Formatting fixed

2 Contributors
3 Replies
2K Views
7 Hours Discussion Span
Latest Post 9 Years Ago Latest Post by cereal

cereal 1,524 Nearly a Senior Poster

9 Years Ago

Hi,

your configuration seems fine, but try to remove the mod_auth_form directives from the .htaccess file, most of these can be applied only to directory context, not in .htaccess:

http://httpd.apache.org/docs/2.4/mod/mod_auth_form.html

Also, did you encoded the passwords in the AuthUserFile with htpasswd? Docs:

http://httpd.apache.org/docs/current/mod/mod_authn_file.html

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

Samyx 36 Junior Poster in Training · Answer 1 · 2015-02-13T17:59:21+00:00

I removed the .htaccess file alltogether and placed the instruction in a Directory in the httpd config file.

<Directory "c:/webroot/myapp">
AuthFormProvider file
...
Require valid user
</Directory>

Now, when I try an unauthorized user it redirects me to the login page like it supposed to. But when I try to login with a valid user name and password it still gives me the error msg: "The connection to the server was reset while the page was loading..." and the same error msg from the log as posted previously.

To answer your question, yes, the passwords have been encoded using the htpasswd. I checked the password file and the contents are as expected (username: encryption)

The apache login used to work when using the 'AuthType Basic', now with my custom login page form it doesn't.

cereal 1,524 Nearly a Senior Poster Featured Poster · Answer 2 · 2015-02-14T00:44:45+00:00

Your configuration works fine for me, just make sure to enable all the modules requested by this procedure, I did a fresh install of Apache and I had to enable these modules:

session
session_cookie
session_crypto
request
auth_form

After that everything worked fine. For example by using AuthFormProvider file Apache requires the authn_file module which is usually enabled by default, but make sure it is on.