.htaccess Password protection keeps asking for password over and over

Asked 26/3, 2014 at 12:28 Answered 3/2, 2019 at 5:56

apache .htaccess passwords password-protection .htpasswd

I've placed this code in the .htaccess file of the folder I want to protect:

AuthName "restricted area"
AuthType Basic
AuthUserFile /home/#/#/#/#/#/.htpasswd
require valid-user

In the same folder, I placed this .htpasswd:

my:pass

When I go to the URL of the protected folder, the browser keeps asking me for a password over and over, even though I'm typing the correct one.

I know that the root directory mentioned in AuthUserFile is ok because I've found it out with:

<?php
    $dir = dirname(__FILE__);
    echo "<p>Full path to a .htpasswd file in this dir: " . 
        $dir . "/.htpasswd" . "</p>";
?>

Where's the problem?

Callaway answered 26/3, 2014 at 12:28 Comment(2)

#10015581 – Intransigence 26/3, 2014 at 13:16

Same happened to me so I am reporting here. In my case I was making a server call at the starting of the script which was returning 404 for the first time. Handling that fixed the issue. – Russellrusset 6/10, 2016 at 17:47

Just add "user" in between require valid-user

For example:

Require user markpanado

But not:

Require markpanado

Underdrawers answered 5/3, 2017 at 15:59 Comment(5)

you say to add user between require valid-user but your final answer has no valid-user entry... :( – Easterling 27/11, 2017 at 22:55

What if there are two user accounts that need to be allowed in this directory? – Sailfish 12/2, 2019 at 23:55

@SpaceDog no, the final answer is the first answer. Read it again. – Underdrawers 13/6, 2019 at 2:57

@Sailfish I haven't tried that, but did you try Require user1 user2 user3 format? – Underdrawers 13/6, 2019 at 2:58

@mark The memory is vague but I think that solved my particular issue. – Sailfish 15/6, 2019 at 20:53

the problem, so i found for my website, is that the htpasswd file path is not the same as the path provided in the htaccess. I spent weeks trying to find where the problem was, but although you create usernames and passes using the htpasswrd the file is not communicating with the secure folder. You will need to find out why. maybe a spelling mistake or as in my case, the htpasswd was being saved in a completely different folder, and i had 2 htpasswrd in different folders. the two need to communicate htacccess and htpasswrd, hope this saves you time I figured it out after weeks of sleepless nights.

Viva answered 15/8, 2016 at 22:2 Comment(0)

I have just come across this problem. After trying to figure it out for the last couple of days I have found out the source of the problem:

This prompt gets triggered when using AuthType Basic and whenever a 401 message is sent from the website.

Is it possible that you had a 401 HTTP status code message being sent from the server at each request? You can check your developer console to find out.

Proposal answered 3/2, 2019 at 5:56 Comment(4)

I DO see a 401 in my case but when I use a different user I no longer get the prompt repeatedly. – Sailfish 12/2, 2019 at 23:54

@Sailfish Can you identify which portion of your back-end script is sending the 401 error? Is it a script you created or a platform of some type? – Proposal 13/2, 2019 at 2:40

it's the favicon.ico which seems to be a standard item served out by apache. Furthermore I filed this as its own question if you're curious to more details. – Sailfish 13/2, 2019 at 14:59

this was years ago but yes I'm pretty sure I got 401 back. – Callaway 11/4, 2019 at 15:46

Recommended topics

Hot tags