Basic access authentication to control the access of users to websites

<p>The task was to provide a wiki to which only people who attended the course were granted access. The problem is that this wiki was stored on the webspace provided by the university for students, so the administrator of the wiki did not have all rights and possibilities to solve the problem. Find a way that does not take too much time (because the main task of the exercise in the course was not to deal with a server and a wiki) to guarantee everyone in the course - but nobody else - access to the wiki (or rather the folder where the wiki is stored).</p>
1 answer

Use htaccess files to control who is accessing the website

  1. Create a .htaccess file in the top directory, where the wiki (or files which should not be seen by others) lies. This file has to contain the following lines (or more if you want additional functionality):
     <pre><code>AuthType Basic
     AuthName "Service-Domain"
     AuthUserFile <absolute-path-to-your-user-file>
     Require user user1 user2</code></pre>
     The first three lines are required to provide a password authentication. If you are working with usergroups you also need AuthGroupFile. The string provided for the AuthName is what will appear in the password dialog provided by most browsers. Require user is followed by a list of usernames who are allowed to have access. Working with usergroups would necessitate a Require group followed by the group name who has access.
  2. Now you need a .htusers file where you store the password for each user. This file should lie somewhere outside of the web project, but in most cases this is not possible. It is a good idea to put it in a private folder where it cannot easily be mixed up with other files. This file has to look like this:
     <pre><code>user1:INeRD/cUQIFP6
     user2:INUnlKdkNZ6RQ
     user3:IN20ffIEEV1H6</code></pre>
     The passwords are encrypted; only on Windows platforms are plain passwords allowed. Encrypted passwords can be created with htpasswd, for instance.
  3. As soon as you have saved your files, it is only possible to have access to the website/files if you have the right passwords for user1 and user2.
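
An added example, not part of the original answer: a Python check that cross-references the `Require user` list against the password file and flags entries stored in the 13-character shape shown above, which is the shape of traditional crypt(3) output. The file contents are constructed samples; `user4` and the `AuthUserFile` path are hypothetical.

```python
import re

# Constructed sample input modelled on the two files in the answer.
HTACCESS = """AuthType Basic
AuthName "Service-Domain"
AuthUserFile /placeholder/private/.htusers
Require user user1 user2 user4
"""
HTUSERS = """user1:INeRD/cUQIFP6
user2:INUnlKdkNZ6RQ
user3:IN20ffIEEV1H6
"""
# Schemes worth replacing: crypt(3), unsalted SHA-1, plaintext/unrecognised.
FLAGGED = {"crypt-des", "sha1-unsalted", "plaintext-or-unknown"}

def classify_hash(stored):
    """Name the password scheme from the stored string's prefix or shape."""
    if stored.startswith(("$2y$", "$2a$", "$2b$")):
        return "bcrypt"
    if stored.startswith("$apr1$"):
        return "apr1-md5"
    if stored.startswith("{SHA}"):
        return "sha1-unsalted"
    # Traditional crypt(3): 2 salt chars + 11 hash chars; password cut at 8.
    if re.fullmatch(r"[./0-9A-Za-z]{13}", stored):
        return "crypt-des"
    return "plaintext-or-unknown"

def parse_htusers(text):
    """Return {username: scheme}, skipping blank and '#' comment lines."""
    users = {}
    for line in map(str.strip, text.splitlines()):
        if line and not line.startswith("#") and ":" in line:
            name, stored = line.split(":", 1)
            users[name] = classify_hash(stored)
    return users

def required_users(htaccess):
    """Collect the names listed on every 'Require user' line."""
    lines = re.findall(r"(?im)^[ \t]*Require[ \t]+user[ \t]+(.+)$", htaccess)
    return [name for line in lines for name in line.split()]

def audit(htaccess, htusers):
    users, allowed = parse_htusers(htusers), required_users(htaccess)
    return {"no_password_entry": [u for u in allowed if u not in users],
            "not_allowed": [u for u in users if u not in allowed],
            "flagged_scheme": sorted(u for u, s in users.items() if s in FLAGGED)}

if __name__ == "__main__":
    print(audit(HTACCESS, HTUSERS))
```

On the sample it reports `user4` as allowed but without a password entry, `user3` as present in the file but not allowed, and all three stored values as crypt(3).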