Understanding Basic Authentication

Feb 19, 2025 - 21:02

I recently had an opportunity to use Basic Authentication and Digest Authentication. Authentication is a crucial aspect of web security, ensuring that only authorized users can access specific resources. Both methods are widely used with the Apache HTTP Server. This article focuses on Basic Authentication: how it works and how to implement it.

Basic Authentication

Basic Authentication is a simple authentication mechanism in which the client sends its credentials (username and password), encoded in Base64, with each HTTP request. Base64 is an encoding, not encryption: it only puts the credentials into a standard format and is trivially reversible. Because the mechanism itself provides no encryption, it is recommended to use HTTPS to secure the credentials in transit.

Implementation

Follow these steps to implement Basic Authentication on the Apache server:

  • Install Apache using yum:
    sudo yum install httpd -y
  • Create a protected directory:
    sudo mkdir -p /var/www/html/basic

The directory name /basic can be anything.

  • Create the .htpasswd file:
    sudo htpasswd -c /etc/httpd/.htpasswd username

You'll be asked to type and confirm the password.

  • Edit the Apache configuration file:
    sudo vi /etc/httpd/conf/httpd.conf

Add the following inside the section (usually starting around line 160):

    AuthType Basic
    AuthName "Basic Auth"
    AuthUserFile /etc/httpd/.htpasswd
    Require user username

  • Create an index.html file in the protected directory:
    sudo vi /var/www/html/basic/index.html

Add something you want to display when the user is authorized:

    You're successfully authorized.

  1. Press i to start typing in INSERT mode.
  2. To exit INSERT mode, press Esc, type :wq, and press Enter.
  • Restart the Apache server:
    sudo systemctl restart httpd
  • Test the authentication using the curl command:
    curl -L -u username:password http://xx.xx.xx.xx/basic

If you see "You're successfully authorized.", authentication is working correctly.
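
What `curl -u username:password` puts on the wire, as an added example that is not part of the original article: it builds the Authorization header, recovers the credentials from a constructed captured request using only `base64 -d`, and includes a check that refuses to send Basic credentials to a URL that is not HTTPS. The host `server.example`, the function names and the sample request are assumptions made for illustration; a POSIX shell with the coreutils `base64` tool is assumed.

```shell
#!/bin/sh
# Added example, not from the original article. Assumes a POSIX shell and
# coreutils `base64`; host name and credentials are constructed samples.

# Build the header that `curl -u user:pass` sends with every request.
basic_auth_header() {
    token=$(printf '%s:%s' "$1" "$2" | base64 | tr -d '\n')
    printf 'Authorization: Basic %s\n' "$token"
}

# Recover "user:password" from raw request text, as anyone who can read
# plain-HTTP traffic could. Returns 1 if no usable Basic header is found.
decode_basic_auth() {
    token=$(printf '%s\n' "$1" | tr -d '\r' |
        awk 'tolower($1) == "authorization:" && tolower($2) == "basic" { print $3; exit }')
    [ -n "$token" ] || return 1
    printf '%s' "$token" | base64 -d 2>/dev/null || return 1
}

# Split on the first colon only: the password may itself contain colons.
creds_user()     { printf '%s\n' "${1%%:*}"; }
creds_password() { printf '%s\n' "${1#*:}"; }

# Mitigation check: allow Basic credentials only toward https:// URLs.
safe_for_basic_auth() {
    case "$1" in
        https://*) return 0 ;;
        *)         return 1 ;;
    esac
}

# Constructed sample of the request curl sends to the protected directory.
SAMPLE_REQUEST='GET /basic HTTP/1.1
Host: server.example
Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ=
Accept: */*'

creds=$(decode_basic_auth "$SAMPLE_REQUEST")
echo "recovered user=$(creds_user "$creds") password=$(creds_password "$creds")"
safe_for_basic_auth "http://server.example/basic" ||
    echo "refused: Basic credentials would cross the network in cleartext"
```

Passing the password on the command line with `-u username:password` also leaves it in shell history and the process list; `curl -u username` prompts for it instead.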