Access Authentication Tutorial
a hurry? Receive complete details on our fast, affordable web
hosting services and E-commerce solutions via our
This tutorial covers web-based
user authentication using HTAccess. Web-based authentication denies
web access to visitors who do not give a valid username and
password. This feature allows webmasters to restrict access to
certain directories. The usernames and encrypted passwords are kept
in a webmaster-maintained file.
You will need the following basic skills:
- Ability to
telnet and log in to your
- Ability to use a text editor (such as
- Working knowledge of paths and basic
filesystem navigation (cd, mkdir, etc.)
The following is an example use of the .htaccess
file. Let's assume that it resides at /web/guide/somewhere/somepath/.htaccess.
AuthName Somewhere.com's Secret Section
<Limit GET POST>
The .htaccess file affects the directory
in which it is placed, so in this example, any visitor requesting <URL:http://somewhere.com/somepath/>
would be presented with an authentication request.
The .htaccess file also affects
directories recursively below it. Therefore, requesting <URL:http://somewhere.com/somepath/evenmore/>
would yield the same authentication request unless ~/somepath/evenmore
had a .htaccess file of its own.
The first line, starting with AuthUserFile,
tells the webserver where to find your username/password file. We'll
create that file in a minute. For now, change the AuthUserFile
line as necessary for your use.
Notice that the AuthName in the
example, "Somewhere.com's Secret Section," is used in the
Using your favorite text editor, create a file
similar to the example, replacing AuthUserFile and AuthName
with values for your situation. Be sure to name the file .htaccess.
(You can do this with FTP)
Now that we understand the basic .htaccess
model, how can we specify who is allowed? We'll create an .htpasswd
file named in the AuthUserFile line above.
To create an .htpasswd file, go to the
directory you specified in AuthUserFile. In the example, this
is /mnt/web/guide/somewhere/somepath. Then use the htpasswd
program with the -c switch to create your .htpasswd in
the current directory. (You have to do this in telnet)
Type htpasswd -c .htpasswd username
to create the file and add "username" as the first user.
The program will prompt you for a password, then verify by asking
again. You will not see the password when entering it here: