passwords not recognized in .htaccess

Posted: Sat Sep 23, 2006 3:22 am (18 years, 5 months ago)

The account name in the example below is bogus for security reasons.

After a lot of work I have .htaccess partially working on a GoDaddy account.

Here's the file structure as it appears on GoDaddy

/
.htpasswd
favicon.ico
(directory) Images
(directory) Pages
(directory) Protected
.htaccess
Enter.htm

As can be seen the .htpasswd file appears to be at the root level of account.

The directory Protected is for test purposes. The .htaccess file is in there along with a very simple html page called Enter.

Here is the contents of the .htaccess file. Note the account name is bogus but in the real file the real account name is in there.

AuthUserFile /home/content/j/o/e/joesmith/html/.htpasswd
AuthGroupFile /dev/null
AuthName "This Area is Restricted to Members Only"
AuthType Basic

<limit GET POST>
require valid-user
</limit>

Since there is no on-screen button or link on the home page to the Enter.htm page I have been testing using this path:

www.joessite.com/Protected/Enter.htm Note this is a bogus address. It will not take you to any site. It is just an example of how the address line is formed for testing the operation of .htaccess and .htpasswd

When you hit the Enter key the .htaccess user name and password challenge box is displayed. This seems to be telling me that the code in the .htaccess file is correct or I wouldn't be seeing this challenge.

For the .htpasswd file I made up two test users and created the .htpasswd file using one of the on-line password generators that use the form username:encryptedpassword. Each test user:password entry is on a separate line and I've checked to be sure only has carriage returns are at the end of each line.

Still, neither of the username/password combinations are recognized. On hitting enter key the sign-in box disappears then is redisplayed.

Does anyone who has mastered making .htaccess work see anything here that is an obvious mistake? Embarassed

Thanks, in advance, to any and all who offer help.

Posted: Sat Sep 23, 2006 9:35 am (18 years, 5 months ago)

I'm not sure what could be wrong. Any chance we could see the content of the .htpasswd file?

The only suggestion I can think of is to check the file permissions of the .htpasswd file, to make sure the web server can actually read the file.

Posted: Thu Sep 28, 2006 12:55 am (18 years, 5 months ago)

Adam,

Thanks for your reply. Here's the content of the .htpasswd file.

This was sent to the server with Dreamweaver. The file originally was called htpasswd.txt. After it was successfully onto the server we did a name change to .htpasswd

As I understand it this would keep the file as a text file. We did nothing about setting permissions. Can this be done through Dreamweaver or does it require the use of an FTP program?

testUser1:K2hM8g1nkDm2A
testUser2:9g2kgg6AzEta6

Posted: Thu Sep 28, 2006 11:15 am (18 years, 5 months ago)

Can't see anything wrong with the file; renaming it wouldn't cause any problems.

You will need to use FTP to check the permissions -- make sure they're set to 644 (-rw-r--r--).

Other than that, I'm not sure what the problem could be.

Posted: Sat Jul 11, 2015 1:52 am (9 years, 8 months ago)

I use KeePass. It will generate strong passwords for you or let you specify your own, and then stores them in an encrypted database. Very handy little program.