I recently had an opportunity to use Basic Authentication and Digest Authentication, so I'd like to share what I learned about these two authentication methods. This article will focus on Basic Authentication, especially how it works and how to implement it.
Basic Authentication
Basic Authentication is a simple authentication mechanism where the client sends credentials like username and password encoded in Base64 with each HTTP request. While Base64 encoding is not encryption, it allows the credentials to be included in a standard format. Since it lacks encryption, it is recommended to use HTTPS to secure credentials in transit.
Implementation
Follow these steps to implement Basic Authentication on the Apache server:
- Install Apache using yum:
sudo yum install httpd -y
- Create a protected directory:
sudo mkdir -p /var/www/html/basic
/basic can be anything.
- Create the
.htpasswdfile:
sudo htpasswd -c /etc/httpd/.htpasswd username
You'll be asked to type and confirm the password.
- Edit the Apache configuration file:
sudo vi /etc/httpd/conf/httpd.conf
Add the following inside the <Directory "/var/www/html"> section (usually from 160 lines):
<Directory "var/www/html/basic">
AuthType Basic
AuthName "Basic Auth"
AuthUserFile /etc/httpd/.htpasswd
Require user username
</Directory>
- Create an index.html file in the protected directory:
sudo vi /var/www/html/basic/index.html
Add something you want to display when the user is authorized:
You're successfully authorized
- Press
ito start typing in the INSERT MODE. - To exit the INSERT MODE, press
esc, type:wq, and pressEnter.
- Restart the Apache server:
sudo systemctl restart httpd
- Test the authentication using
curlcommand:
curl -L -u username:password http://xx.xx.xx.xx/basic
If you see You're successfully authorized, authentication is working correctly.
In the next article, Understanding Digest Authentication, I will explore more about Digest Authentication.
Top comments (0)