This forum has been moved here:
Helicon Tech Community Forum

Helicon Ape (Forum Locked Forum Locked)
 Helicon Tech : Helicon Ape
Subject Topic: AuthType Basic inheritance on subfolders
Author
Message |
mattross
Newbie


Joined: 29 June 2010
Posts: 17
Posted: 29 June 2010 at 2:54am

How is subfolder inheritance handled by Ape? If I have .htaccess/.htpasswd files in a folder to protect it do all subfolders have the same protection? This will be on IIS6, Windows Server 2003.

If so how can I then have a subfolder with different, or no, protection?

Under Apache this would be done with a .htaccess file containing this:

Satisfy Any
Allow from all

Thanks.
Back to Top
 
Vyacheslav
Admin Group


Joined: 02 July 2008
Location: Ukraine
Posts: 1542
Posted: 29 June 2010 at 8:46am

Hello,
All the sub-folders will have the same protection and the code should work in Helicon Ape either.

__________________
Slavik Shynkarenko,
Helicon Tech.
Back to Top Visit Vyacheslav's Homepage
 
mattross
Newbie


Joined: 29 June 2010
Posts: 17
Posted: 02 July 2010 at 8:25am

OK so I have now installed the 45-day trial to see if I can get this working before buying it.

I cannot get it working yet...I have enabled just the three modules auth_basic_module, authn_file_module and authz_user_file in httpd.conf.

Worryingly the error.log is saying my trial has expired:

[02/07/2010 13:50:09] [cache_module] items stored in the cache: 0; bytes available for the cache: 754974720, physical memory limit: 98%
[02/07/2010 13:50:10] [LicenseManager] Trial days left 45
[02/07/2010 13:51:20] [cache_module] items stored in the cache: 0; bytes available for the cache: 754974720, physical memory limit: 98%
[02/07/2010 13:51:20] [cache_module] items stored in the cache: 0; bytes available for the cache: 754974720, physical memory limit: 98%
[02/07/2010 13:51:20] [LicenseManager] Trial days left 0
[02/07/2010 13:51:20] [LicenseManager] Trial days left 0
[02/07/2010 13:52:38] [cache_module] items stored in the cache: 0; bytes available for the cache: 754974720, physical memory limit: 98%
[02/07/2010 13:52:38] [LicenseManager] Trial days left 0
[02/07/2010 14:07:45] [LicenseManager] Trial days left 0
[02/07/2010 14:09:31] [LicenseManager] Trial days left 0

Permissions on the files httpd.conf and licenses.conf are full rights for SYSTEM and Everyone which I presume is what it should be.

On the web site I have a subfolder called test in which I created a .htaccess file:

AuthType Basic
AuthName "Project"
AuthBasicProvider file
AuthUserFile c:\Inetpub\wwwroot\test\.htpasswd
Require valid-user

Then I created the c:\Inetpub\wwwroot\test\.htpasswd file user using the manager:

test:{SHA}qUqP5cyxm6YcTAhz05Hph5gvu9M=

The password here is 'test'.

Accessing the web server URL http://myserver/test prompts me for a user/pass but test/test does not work.

What am I doing wrong?
Back to Top
 
mattross
Newbie


Joined: 29 June 2010
Posts: 17
Posted: 02 July 2010 at 9:22am

Sorry I must have done something wrong as authentication is now working, please ignore my last post.

I still cannot allow subfolder of 'test/unlocked' to work without authentication though. I have the 'unlocked' folder created (not virtual) and a .htaccess file in it with just:

Satisfy Any
All from all

I still get prompted for a password. Have also tried adding this to the end of /test/.htaccess:

<Location /test/unlocked>
   Satisfy any
   Allow from all
</Location>

Both still prompt for username/password.

Once I have this working we will be buying as that's all we want it to do.

Thanks.
Back to Top
 
Vyacheslav
Admin Group


Joined: 02 July 2008
Location: Ukraine
Posts: 1542
Posted: 02 July 2010 at 11:10am

Hello,
So far, please check NTFS permissions for the .htaccess file in the sub-folder. Make sure Ape reads it e.g.:
Code:
RewriteEngine on
RewriteRule .? - [G]

This code will produce “Gone” response which signifies that Ape is working.

It would be nice if you could send me the whole project, or maybe part of it so that I could reproduce the issue in our test environment. You may use [email protected]

Thanks.

__________________
Slavik Shynkarenko,
Helicon Tech.
Back to Top Visit Vyacheslav's Homepage
 
mattross
Newbie


Joined: 29 June 2010
Posts: 17
Posted: 02 July 2010 at 4:30pm

The NTFS permissions are correct I think, I have Full access to SYSTEM and Administrators and Read access to NETWORK SERVICE and the IUSR_... user. This is the same as for the .htaccess file in the parent directory. Your RewriteEngine rule works (once I uncomment the RewriteEngine module in httpd.conf).

When the RewriteEngine rule is on for the /test/unlocked subdirectory I get the Gone message but am not prompted for authentication. If I remove the RewriteEngine lines the authentication prompt returns.

I have sent an e-mail to support at helicontech.com with a .zip file containing my 'test' folder.

Thanks.

Edited by mattross - 02 July 2010 at 4:33pm
Back to Top
 
Vyacheslav
Admin Group


Joined: 02 July 2008
Location: Ukraine
Posts: 1542
Posted: 05 July 2010 at 2:28am

Hello,
Thank you for the files. Please try the following code in test/unlocked/.htaccess:
Code:
Satisfy Any

Order Allow,Deny
Allow from all


__________________
Slavik Shynkarenko,
Helicon Tech.
Back to Top Visit Vyacheslav's Homepage
 
mattross
Newbie


Joined: 29 June 2010
Posts: 17
Posted: 05 July 2010 at 5:44am

Unfortunately I'm still prompted for a user/pass after adding the Order statement. Could this be related to IIS6?
Back to Top
 
Vyacheslav
Admin Group


Joined: 02 July 2008
Location: Ukraine
Posts: 1542
Posted: 06 July 2010 at 3:53am

Hello,
Could you please provide me with IIS metabase, web.config and httpd.conf files.
Thanks.

__________________
Slavik Shynkarenko,
Helicon Tech.
Back to Top Visit Vyacheslav's Homepage
 
mattross
Newbie


Joined: 29 June 2010
Posts: 17
Posted: 06 July 2010 at 10:24am

There is currently no top-level web.config file. This server contains accounts for over a hundred users and they each have a subfolder on the web server to test and publish their ASP.NET. So some users will have a web.config file but the 'test' subfolder I've been using to test Helicon Ape has only the files I already supplied in the previous file I sent via e-mail.

I have sent a new e-mail with the metabase for IIS6 on the server.
Back to Top
 
Vyacheslav
Admin Group


Joined: 02 July 2008
Location: Ukraine
Posts: 1542
Posted: 07 July 2010 at 5:08am

Hello,
I’ve responded by E-Mail. Please check your inbox.
Thank you.

__________________
Slavik Shynkarenko,
Helicon Tech.
Back to Top Visit Vyacheslav's Homepage
 
mattross
Newbie


Joined: 29 June 2010
Posts: 17
Posted: 07 July 2010 at 10:58am

I've tried the Ape httpd.conf and 'test' folder you sent me but it has made no difference.

If I access http://myserver/test by itself first in a new web browser window I get prompted for user/pass as expected. If I enter the valid one I can then access http://myserver/test/unlocked as well without being re-prompted, but this is using the cached user/pass I entered for the initial URL I presume. If I go straight to the test/unlocked URL before entering a valid user/pass it always prompts.

I used to use a product called Trilead-ISAPI that worked exactly as I'm trying to use Ape using the same contents for .htaccess (minus the AuthBasicProvider command) and using crypt passwords instead of SHA1.

I have used Microsoft's Procmon utility to log all '.htaccess', '.htpasswd' and 'test' strings in the Path of processes on the server and it looks like the unlocked folder's .htaccess is never read on this server:

Code:
13:39:55.1422533     w3wp.exe     5920     QueryOpen     C:\Inetpub\wwwroot\test     SUCCESS     CreationTime: 02/07/2010 20:45:35, LastAccessTime: 07/07/2010 13:30:48, LastWriteTime: 02/07/2010 20:45:51, ChangeTime: 02/07/2010 20:45:54, AllocationSize: 0, EndOfFile: 0, FileAttributes: D
13:39:55.1423668     w3wp.exe     5920     QueryOpen     C:\Inetpub\wwwroot\test     SUCCESS     CreationTime: 02/07/2010 20:45:35, LastAccessTime: 07/07/2010 13:30:48, LastWriteTime: 02/07/2010 20:45:51, ChangeTime: 02/07/2010 20:45:54, AllocationSize: 0, EndOfFile: 0, FileAttributes: D
13:39:55.1424522     w3wp.exe     5920     QueryOpen     C:\Inetpub\wwwroot\test     SUCCESS     CreationTime: 02/07/2010 20:45:35, LastAccessTime: 07/07/2010 13:30:48, LastWriteTime: 02/07/2010 20:45:51, ChangeTime: 02/07/2010 20:45:54, AllocationSize: 0, EndOfFile: 0, FileAttributes: D
13:39:55.1425397     w3wp.exe     5920     QueryOpen     C:\Inetpub\wwwroot\test     SUCCESS     CreationTime: 02/07/2010 20:45:35, LastAccessTime: 07/07/2010 13:30:48, LastWriteTime: 02/07/2010 20:45:51, ChangeTime: 02/07/2010 20:45:54, AllocationSize: 0, EndOfFile: 0, FileAttributes: D
13:39:55.1426305     w3wp.exe     5920     QueryOpen     C:\Inetpub\wwwroot\test\web.config     NAME NOT FOUND     
13:39:55.1427399     w3wp.exe     5920     QueryOpen     C:\Inetpub\wwwroot\test     SUCCESS     CreationTime: 02/07/2010 20:45:35, LastAccessTime: 07/07/2010 13:30:48, LastWriteTime: 02/07/2010 20:45:51, ChangeTime: 02/07/2010 20:45:54, AllocationSize: 0, EndOfFile: 0, FileAttributes: D
13:39:55.1428236     w3wp.exe     5920     CreateFile     C:\Inetpub\wwwroot\test     SUCCESS     Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened
13:39:55.1428383     w3wp.exe     5920     QueryDirectory     C:\Inetpub\wwwroot\test\web.config     NO SUCH FILE     Filter: web.config
13:39:55.1428481     w3wp.exe     5920     CloseFile     C:\Inetpub\wwwroot\test     SUCCESS     
13:39:55.1429536     w3wp.exe     5920     CreateFile     C:\Inetpub\wwwroot\test     SUCCESS     Desired Access: Read Data/List Directory, Read Attributes, Synchronize, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened
13:39:55.1429735     w3wp.exe     5920     NotifyChangeDirectory     C:\Inetpub\wwwroot\test          Filter: FILE_NOTIFY_CHANGE_FILE_NAME, FILE_NOTIFY_CHANGE_DIR_NAME, FILE_NOTIFY_CHANGE_SIZE, FILE_NOTIFY_CHANGE_LAST_WRITE, FILE_NOTIFY_CHANGE_CREATION, FILE_NOTIFY_CHANGE_SECURITY
13:39:55.1430788     w3wp.exe     5920     QueryOpen     C:\Inetpub\wwwroot\test\web.config     NAME NOT FOUND     
13:39:55.1434574     w3wp.exe     5920     QueryOpen     C:\Inetpub\wwwroot\test\unlocked     SUCCESS     CreationTime: 02/07/2010 20:45:39, LastAccessTime: 07/07/2010 13:30:48, LastWriteTime: 02/07/2010 20:45:39, ChangeTime: 02/07/2010 20:48:44, AllocationSize: 0, EndOfFile: 0, FileAttributes: D
13:39:55.1435702     w3wp.exe     5920     QueryOpen     C:\Inetpub\wwwroot\test\unlocked     SUCCESS     CreationTime: 02/07/2010 20:45:39, LastAccessTime: 07/07/2010 13:30:48, LastWriteTime: 02/07/2010 20:45:39, ChangeTime: 02/07/2010 20:48:44, AllocationSize: 0, EndOfFile: 0, FileAttributes: D
13:39:55.1436734     w3wp.exe     5920     QueryOpen     C:\Inetpub\wwwroot\test\unlocked     SUCCESS     CreationTime: 02/07/2010 20:45:39, LastAccessTime: 07/07/2010 13:30:48, LastWriteTime: 02/07/2010 20:45:39, ChangeTime: 02/07/2010 20:48:44, AllocationSize: 0, EndOfFile: 0, FileAttributes: D
13:39:55.1437823     w3wp.exe     5920     QueryOpen     C:\Inetpub\wwwroot\test\unlocked     SUCCESS     CreationTime: 02/07/2010 20:45:39, LastAccessTime: 07/07/2010 13:30:48, LastWriteTime: 02/07/2010 20:45:39, ChangeTime: 02/07/2010 20:48:44, AllocationSize: 0, EndOfFile: 0, FileAttributes: D
13:39:55.1438791     w3wp.exe     5920     QueryOpen     C:\Inetpub\wwwroot\test\unlocked\web.config     NAME NOT FOUND     
13:39:55.1439954     w3wp.exe     5920     QueryOpen     C:\Inetpub\wwwroot\test\unlocked     SUCCESS     CreationTime: 02/07/2010 20:45:39, LastAccessTime: 07/07/2010 13:30:48, LastWriteTime: 02/07/2010 20:45:39, ChangeTime: 02/07/2010 20:48:44, AllocationSize: 0, EndOfFile: 0, FileAttributes: D
13:39:55.1440950     w3wp.exe     5920     CreateFile     C:\Inetpub\wwwroot\test\unlocked     SUCCESS     Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened
13:39:55.1441084     w3wp.exe     5920     QueryDirectory     C:\Inetpub\wwwroot\test\unlocked\web.config     NO SUCH FILE     Filter: web.config
13:39:55.1441172     w3wp.exe     5920     CloseFile     C:\Inetpub\wwwroot\test\unlocked     SUCCESS     
13:39:55.1442279     w3wp.exe     5920     CreateFile     C:\Inetpub\wwwroot\test\unlocked     SUCCESS     Desired Access: Read Data/List Directory, Read Attributes, Synchronize, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened
13:39:55.1442450     w3wp.exe     5920     NotifyChangeDirectory     C:\Inetpub\wwwroot\test\unlocked          Filter: FILE_NOTIFY_CHANGE_FILE_NAME, FILE_NOTIFY_CHANGE_DIR_NAME, FILE_NOTIFY_CHANGE_SIZE, FILE_NOTIFY_CHANGE_LAST_WRITE, FILE_NOTIFY_CHANGE_CREATION, FILE_NOTIFY_CHANGE_SECURITY
13:39:55.1443542     w3wp.exe     5920     QueryOpen     C:\Inetpub\wwwroot\test\unlocked\web.config     NAME NOT FOUND     
13:39:55.5438972     w3wp.exe     5920     QueryOpen     C:\Inetpub\wwwroot\.htaccess     NAME NOT FOUND     
13:39:55.5459955     w3wp.exe     5920     QueryOpen     C:\Inetpub\wwwroot\test     SUCCESS     CreationTime: 02/07/2010 20:45:35, LastAccessTime: 07/07/2010 13:39:55, LastWriteTime: 02/07/2010 20:45:51, ChangeTime: 02/07/2010 20:45:54, AllocationSize: 0, EndOfFile: 0, FileAttributes: D
13:39:55.5462134     w3wp.exe     5920     QueryOpen     C:\Inetpub\wwwroot\test\.htaccess     SUCCESS     CreationTime: 02/07/2010 20:45:39, LastAccessTime: 07/07/2010 13:30:48, LastWriteTime: 02/07/2010 20:46:22, ChangeTime: 02/07/2010 20:51:08, AllocationSize: 4,096, EndOfFile: 128, FileAttributes: A
13:39:55.5463422     w3wp.exe     5920     CreateFile     C:\Inetpub\wwwroot\test\.htaccess     SUCCESS     Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Open No Recall, Attributes: n/a, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened
13:39:55.5463699     w3wp.exe     5920     ReadFile     C:\Inetpub\wwwroot\test\.htaccess     SUCCESS     Offset: 0, Length: 128
13:39:55.5463897     w3wp.exe     5920     ReadFile     C:\Inetpub\wwwroot\test\.htaccess     END OF FILE     Offset: 128, Length: 4,096
13:39:55.5464042     w3wp.exe     5920     CloseFile     C:\Inetpub\wwwroot\test\.htaccess     SUCCESS     
13:39:55.5511787     w3wp.exe     5920     QueryOpen     C:\Inetpub\wwwroot\test\.htpasswd     SUCCESS     CreationTime: 02/07/2010 20:45:39, LastAccessTime: 07/07/2010 13:30:48, LastWriteTime: 02/07/2010 20:47:18, ChangeTime: 02/07/2010 20:51:08, AllocationSize: 4,096, EndOfFile: 40, FileAttributes: A
13:39:55.5534656     w3wp.exe     5920     CreateFile     C:\Inetpub\wwwroot\test\.htpasswd     SUCCESS     Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Open No Recall, Attributes: n/a, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened
13:39:55.5534917     w3wp.exe     5920     ReadFile     C:\Inetpub\wwwroot\test\.htpasswd     SUCCESS     Offset: 0, Length: 40
13:39:55.5535153     w3wp.exe     5920     ReadFile     C:\Inetpub\wwwroot\test\.htpasswd     END OF FILE     Offset: 40, Length: 4,096
13:39:55.5535280     w3wp.exe     5920     CloseFile     C:\Inetpub\wwwroot\test\.htpasswd     SUCCESS     

Back to Top
 
Vyacheslav
Admin Group


Joined: 02 July 2008
Location: Ukraine
Posts: 1542
Posted: 08 July 2010 at 9:01am

Hello,
The log shows no attempts to load that .htaccess file. So maybe something stops Ape to load the file. Please make sure there are no other authentications enabled in the website properties.

__________________
Slavik Shynkarenko,
Helicon Tech.
Back to Top Visit Vyacheslav's Homepage
 
mattross
Newbie


Joined: 29 June 2010
Posts: 17
Posted: 08 July 2010 at 9:14am

I have check the authentication methods that are enabled on the Directory Security tab at the top level, at the 'test' folder level and at the 'test/unlocked' level. All three are like this:

Back to Top
 
Vyacheslav
Admin Group


Joined: 02 July 2008
Location: Ukraine
Posts: 1542
Posted: 09 July 2010 at 3:58am

Hello,
Is it possible to see the system through remote desktop access? You may send login credentials over E-Mail to [email protected]
Thanks.

__________________
Slavik Shynkarenko,
Helicon Tech.
Back to Top Visit Vyacheslav's Homepage
 
mattross
Newbie


Joined: 29 June 2010
Posts: 17
Posted: 09 July 2010 at 8:50am

Unfortunately our system-wide firewall (of which I have no control over) will not allow RDP connections. I've just tried it myself from home to confirm it doesn't connect.
Back to Top
 
Vyacheslav
Admin Group


Joined: 02 July 2008
Location: Ukraine
Posts: 1542
Posted: 12 July 2010 at 5:06am

Hello,
Do you think it’s possible to have a live meeting session? We can use TeamViewer for example, or any other software you prefer.
As we can’t reproduce the issue in our environment, and yet it’s not solved, the direct access to the server will possibly be the best way.
Thanks.

__________________
Slavik Shynkarenko,
Helicon Tech.
Back to Top Visit Vyacheslav's Homepage
 
mattross
Newbie


Joined: 29 June 2010
Posts: 17
Posted: 16 July 2010 at 4:21pm

Sorry for not replying sooner. Strange things have been happening and somehow I've managed to get it working, but with errors in Ape's 'error.log'. Let me explain...

I have the '/test' folder as before I want password authentication to be active on, and the '/test/unlocked' subfolder to allow anyone access without authentication. In '/test/.htaccess' I have:

Code:
AuthType Basic
AuthName "Test Project"
AuthBasicProvider file
AuthUserFile c:\Inetpub\wwwroot\test\.htpasswd
Require valid-user


In '/test/unlocked/.htaccess' I have:

Code:
<Directory c:\Inetpub\wwwroot\test\unlocked\>
     Satisfy Any

     Order Allow,Deny
     Allow from all
</Directory>


Where it gets strange is that Ape's 'error.log' is generating errors when accessing '/test/unlocked' via the web:

Code:
[16/07/2010 21:50:15] [cache_module] items stored in the cache: 0; bytes available for the cache: 754974720, physical memory limit: 98%
[16/07/2010 21:50:15] [LicenseManager] Trial days left 14
[16/07/2010 21:50:16] [ConfigLoader] (4) [/test/unlocked/] c:\inetpub\wwwroot\test\unlocked\.htaccess(1): Invalid command '<Directory c:\Inetpub\wwwroot\test\unlocked\>' on line 1, perhaps misspelled or defined by a module not included in the server configuration
[16/07/2010 21:50:16] [ConfigLoader] (4) [/test/unlocked/] c:\inetpub\wwwroot\test\unlocked\.htaccess(5): Invalid command '</Directory>' on line 5, perhaps misspelled or defined by a module not included in the server configuration


Before I couldn't even get it to read the '.htaccess' in the '/test/unlocked' subfolder. Now as a side effect of the errors it is allowing access to '/test/unlocked' without authentication but still prompting as I want on the '/test' parent folder.

I've also noticed that I have to set the 'httpd.conf' DirectoryIndex values to match the ones I have configured in IIS or else it does not work correctly.

I have all of the modules uncommented in 'httpd.conf' so why is 'Directory' not recognised as a valid command?
Back to Top
 
Vyacheslav
Admin Group


Joined: 02 July 2008
Location: Ukraine
Posts: 1542
Posted: 19 July 2010 at 3:50am

Hello,
‘Directory’ is supposed to be in httpd.conf. You can’t use the directive in .htaccess. Actually using ‘Directory’ directive and .htaccess file are equal operations.

I didn’t understand how you use ‘DirectoryIndex’. It’s not required and you may use default IIS settings.

__________________
Slavik Shynkarenko,
Helicon Tech.
Back to Top Visit Vyacheslav's Homepage
 
mattross
Newbie


Joined: 29 June 2010
Posts: 17
Posted: 19 July 2010 at 9:57am

Okay so that explains the errors, I didn't read the documentation properly. In that case I can insert any invalid statement into the .htaccess in subfolders where I don't want authentication and that has the side-effect of preventing Ape prompting for username/password. Still don't know why it doesn't work the proper way but as a workaround this is workable for now.

As for DirectoryIndex what I've found is that using my method described to prevent subfolders requiring authentication only seems to work if the subfolder contains a valid DirectoryIndex document. So if I don't set Ape's httpd.conf to match our IIS configuration then subfolders I want to be free of authentication still prompt if one of the DirectoryIndex documents does not exist. This might be related to directory browsing being disabled across the whole server.

On another matter if we buy a license for Ape is it easily transferrable between servers? At some point we may want to upgrade the OS and/or hardware. Is a license tied to a particular hardware/OS combination or can we use it on any one server at a time?
Back to Top
 

Page of 2 Next >>
 
Printable version Printable version