Apache authentication Summary

Source: Internet
Author: User

This is a technology used for user authentication. User authentication is the first line of defense to protect network system resources. It controls all logins and checks the validity of users, the goal is to only allow legal users to access network system resources with legal permissions. The basic user authentication technology is "User Name + password ".
Apache is a popular Web server that runs on Linux, UNIX, windows, and other operating systems. It can well solve the authentication problem of "User Name + password. The username and password required for Apache user authentication are stored in two different ways: text files and databases such as msql, Oracle, and MySQL. The following uses Apache in Linux as an example to describe how to implement user authentication based on these two storage methods. It also briefly introduces Apache user authentication for Windows.
1. Use text file storage
The basic idea of this authentication method is: after Apache starts the authentication function, you can create a file named. htaccess in the directory to which access is restricted and specify the authentication configuration command. When you access the file in this directory for the first time, the browser displays a dialog box asking you to enter the user name and password to confirm your identity. If the user is a legal user, the content of the accessed page is displayed. After that, the browser automatically sends out the user name and password and does not need to enter the password until the browser is closed. The specific steps are as follows:
Run root as the super user to enter Linux. Assume that Apache 1.3.12 has been compiled and installed in the/usr/local/Apache directory. By default, the mod_auth module is automatically added when Apache is compiled. This module can be used to implement the authentication function of "User Name + password" stored in text files.
1. Modify the Apache configuration file/usr/local/Apache/CONF/httpd. conf and set the configuration command for the directory where the authentication resource is located.
In the following example, configure the/usr/local/Apache/htdocs/members directory:
<Directory/usr/local/Apache/htdocs/members>
Options indexes followsymlinks
AllowOverride authconfig
Order allow, deny
Allow from all
</Directory>
AllowOverride authconfig indicates that user authentication is allowed for files in the/usr/local/Apache/htdocs/members directory.
2. Create a file. htaccess under the/usr/local/Apache/htdocs/members directory with the following content:
Authname \ "member area \"
Authtype basic
Authuserfile/usr/local/Apache/members.txt
Require valid-user
Note: common configuration commands in file. htaccess include the following:
1) authname command: Specify the authentication region name. The region name is displayed to the user in the prompt authentication dialog box.
2) authtype command: Specify the authentication type. In http1.0, there is only one authentication type: Basic. There are several authentication types in http1.1, such as MD5.
3) authuserfile command: specify a text file containing the user name and password. Each line has a pair.
4) authgroupfile: Specifies a text file that contains a list of user groups and a list of members of these groups. Group members are separated by spaces, for example, managers: user1 user2.
5) require command: Specify which users or groups can be accessed with authorization. For example:
Require user user1 user2 (only users user1 and user2 can access)
Require group managers (only members in the group managers can access)
Require valid-user (any user can access the file specified by authuserfile)
3. Use Program Htpasswd: generate a text file containing the user name and password:/usr/local/Apache/members.txt. The format of each line is "User name: Password ".
# Cd/usr/local/Apache/bin
# Htpasswd-BC./members.txt user1 1234
# Htpasswd-B ../members.txt user2 5678
The hosts file members.txt contains two users: user1, password 1234, user2, and password 5678. Note: Do not store this text file in the directory tree of the Web document to avoid being downloaded by users.
To learn more about the htpasswd program, run htpasswd-H.
When the number of users is small, this method is convenient and easy to authenticate, And the maintenance work is also simple. However, when there are tens of thousands or even hundreds of thousands of users, it takes some time to find users, thus reducing server efficiency. In this case, the database method should be used.
2. database storage
Currently, Apache, PhP4, and MySQL are the best web site construction partners in Linux. These three software are free software. Combine the three methods and use PhP5 and MySQL over HTTP to implement Apache user authentication.
User authentication can be performed only when PhP5 runs in Apache module mode. Therefore, you must add the PhP5 module to compile Apache. Assume that PhP5 is used as the Apache module to compile and install Apache to the/usr/local/Apache directory, and compile and install MySQL to the/usr/local/MySQL directory. Perform the following steps:
1. Create a database member in MySQL, and create a table users in it to store the username and password of Valid users.
1) Use the VI command to create an SQL script file Auth. SQL IN THE/tmp directory. The content is:
Drop database if exists member;
Create Database member;
Use member;
Create Table users (
Username char (20) not null,
Password char (20) not null,
);
Insert into users values (\ "user1 \", password (\ "1234 \"));
Insert into users values (\ "user2 \", password (\ "5678 \"));
2) Start MYSQL client program MySQL, execute the auth. SQL command in the preceding SQL script file, and add two user records in the users table.
# Mysql-u root-pmypwd </tmp/auth. SQL
2. Write a PHP script header file Auth. Inc. The program content is: CopyCode The Code is as follows: <? PHP
Function authenticate (){
Header (www-Authenticate: Basic realm = \ "member area \");
Header (HTTP/1.0 401 unauthorized );
Echo \ "you must enter the correct user name and password. N \";
Exit;
}
Function checkuser ($ uname, $ PWD ){
If ($ uname = \ "\" | $ Pwd = \ "\") return 0;
$ Query = \ "select username, password from users where username = $ uname and Password = PASSWORD ($ PWD )\";
$ Db_id = mysql_connect (localhost, oot, mypwd );
Mysql_select_db (Member, $ db_id );
$ Result = mysql_query ($ query, $ db_id );
$ Num = mysql_num_rows ($ result );
Mysql_close ($ db_id );
If ($ num> 0 ){
Return 1; // valid logon
} Else {
Return 0; // invalid logon
}
}
?>

The authenticate () function uses the function header (www-Authenticate: Basic realm = \ "member area \") to send an authentication request message to the browser, make the browser pop up a user name/Password dialog box. After the user enters the user name and password, the URL containing the PHP script will be automatically called again, and the user name, password, and authentication type will be respectively stored in three special variables of PhP4: $ php_auth_user, $ php_auth_pw, and $ php_auth_type. In the PHP program, you can determine whether the user is valid based on these three variable values. In the header () function, basic indicates the basic authentication type, and the value of realm indicates the authentication region name.
Function header (HTTP/1.0 401 unauthorized) enables the browser user to receive an HTTP 401 error when entering the wrong user name or password multiple times in a row.
The checkuser () function is used to determine whether the user name and password sent by the browser are the same as those sent by the MySQL database. If they are the same, 1 is returned; otherwise, 0 is returned. The root username and password of mysql_connect (localhost, oot, mypwd) database should be changed according to your MySQL settings.
3. Add the following program segments at the beginning of each PHP script program that requires restricted access:Copy codeThe Code is as follows: require (Auth. Inc );
If (checkuser ($ php_auth_user, $ php_auth_pw) = 0 ){
Authenticate ();
} Else {
Echo \ "this is the webpage that a legal user wants to access. \ "; // Change this row to a webpage output to a valid user
}

place the content of the webpage to be displayed to a valid user in the else clause, replacing the line in the preceding Section:
echo \ "this is the webpage that the legal user wants to access. \ ";
in this way, when you access the PHP script program, you need to enter the user name and password to confirm the user's identity.
3. windows Apache user authentication
1. when a text file is used to store the user name and password, the method is the same as before. However, note that the slash "/" is used to separate the directory names in the path and between the directory names and file names, instead of the Backslash "".
2. when using the MySQL database to store user names and passwords, run php 4.0.3 as the Apache module in the following ways, then follow the above "user authentication using the database to store user names and passwords" method.
1) download Apache 1.3.12, PHP 4.0.3, and MySQL 3.2.32 for Windows, decompress and install the three software in the C: Apache, C: PhP4, and C: MySQL directories.
2) C: The php4sapi directory contains several PHP module files on common Web servers. Copy php4apache. DLL to the modules subdirectory (C: apachemodules) of Apache ).
3) Modify Apache configuration file C: apacheconfhttpd. conf, add the following lines:
loadmodule php4_module modules/php4apache. DLL
addtype application/X-httpd-PHP. php3
addtype application/X-httpd-PHP-source. PHPs
addtype application/X-httpd-PHP. php
the first step is to run PhP4 in Apache module mode so that user authentication can be performed. The last three lines define the extension of the PHP script program.
4) Add "C: PhP4" in the path command of the autoexec. BAT file and restart the computer.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.