This forum has been moved here:
Helicon Tech Community Forum

Helicon Ape (Forum Locked Forum Locked)
 Helicon Tech : Helicon Ape
Subject Topic: Disabling .htaccess auth on subdirs
Author
Message |
mattross
Newbie


Joined: 29 June 2010
Posts: 17
Posted: 19 December 2011 at 7:42am

I asked the same question about a year ago and never found a conclusive answer. I have .htaccess/.htpasswd authentication working successfully on a Windows Server 2008 R2/IIS7.5 installation (Ape is licensed). However now I would like to bypass a particular subfolder's authentication requirements so no credentials are required on it.

So for the top-level virtual folder my .htaccess contains:

Code:
AuthType Basic
AuthName "Test"
AuthBasicProvider file
AuthUserFile c:\inetpub\wwwroot\.htpasswd
Require valid-user


And .htpasswd contains:

Code:
xxxx:encryptedpasswordhash
yyyy:encryptedpasswordhash


I want to prevent password prompting for the 'http://myserver/nopass/index.htm' subfolder so in Ape's httpd.conf file I add:

Code:
<Directory c:\inetpub\wwwroot\nopass\>
   AllowOverride none
</Directory>


However after 'iisreset' I still get prompted for a user/pass when trying to access '/nopass'.

With debug logging on I get the following entries:

Code:
[19/12/2011 13:23:23] [LicenseManager] Credentials for XXXXXXXX are valid
[19/12/2011 13:23:23] [cache_module] items stored in the cache: 1; bytes available for the cache: 1887436800, physical memory limit: 99%
[19/12/2011 13:23:23] [mod_core_context] (8) [/nopass/index.htm] ConfigFactory.LoadHtaccess:
[19/12/2011 13:23:23] [mod_core_context] (8) [/nopass/index.htm] ConfigFactory.LoadHtaccess: c:\inetpub\wwwroot\.htaccess
[19/12/2011 13:23:23] [authn_file_module] (8) [/nopass/index.htm] AuthUserFile: c:\Inetpub\wwwroot\.htpasswd
[19/12/2011 13:23:23] [authn_file_module] (8) [/nopass/index.htm] user xxxx added
[19/12/2011 13:23:23] [authn_file_module] (8) [/nopass/index.htm] user yyyy added
[19/12/2011 13:23:23] [auth_basic_module] (8) [/nopass/index.htm] Authorization header not found
[19/12/2011 13:23:34] [auth_basic_module] (8) [/nopass/] Authorization header not found



What am I doing wrong?

Edited by mattross - 19 December 2011 at 9:13am
Back to Top
 
Guests
Guest


Joined: 01 October 2003
Online Status: Online
Posts: -160
Posted: 19 December 2011 at 8:01am

Hello,

Try to replace
Code:
AllowOverride none

with
Code:
Order Deny,Allow
Allow from all
Satisfy Any


this must work.

Regards
Andrew
Back to Top
 
mattross
Newbie


Joined: 29 June 2010
Posts: 17
Posted: 19 December 2011 at 9:21am

Edited httpd.conf as stated but it still prompts for a user/pass after iisreset:

Code:
[19/12/2011 15:14:13] [LicenseManager] Credentials for XXXXXXXX are valid
[19/12/2011 15:14:13] [cache_module] items stored in the cache: 1; bytes available for the cache: 1887436800, physical memory limit: 99%
[19/12/2011 15:14:13] [mod_core_context] (8) [/nopass/] ConfigFactory.LoadHtaccess:
[19/12/2011 15:14:13] [mod_core_context] (8) [/nopass/] ConfigFactory.LoadHtaccess: c:\inetpub\wwwroot\.htaccess
[19/12/2011 15:14:13] [authn_file_module] (8) [/nopass/] AuthUserFile: c:\Inetpub\wwwroot\.htpasswd
[19/12/2011 15:14:13] [authn_file_module] (8) [/nopass/] user xxxx added
[19/12/2011 15:14:13] [authn_file_module] (8) [/nopass/] user yyyy added
[19/12/2011 15:14:13] [mod_core_context] (8) [/nopass/] ConfigFactory.LoadHtaccess:
[19/12/2011 15:14:13] [mod_authz_host] (8) [/nopass/] ProcessAuthenticateRequest : UserHostAddress [xxx.xxx.xxx.xxx], UserHostName [xxx.xxx.xxx.xxx]
[19/12/2011 15:14:13] [mod_authz_host] (8) [/nopass/] deny then allow rules
[19/12/2011 15:14:13] [mod_authz_host] (8) [/nopass/] allow rule trigged
[19/12/2011 15:14:13] [mod_authz_host] (8) [/nopass/] Satisfy [ANY], forbidden [False]


The '/nopass' folder contains only 'index.htm'.
Back to Top
 
Guests
Guest


Joined: 01 October 2003
Online Status: Online
Posts: -160
Posted: 20 December 2011 at 4:16am

Well the last line:

Quote:
[19/12/2011 15:14:13] [mod_authz_host] (8) [/nopass/] Satisfy [ANY], forbidden [False]

Shows that module granted access.
Please, make sure you don't have IIS authentication and you have sufficient permissions to the folder itself

Regards
Andrew
Back to Top
 
mattross
Newbie


Joined: 29 June 2010
Posts: 17
Posted: 20 December 2011 at 10:52am

Thanks for the help. I used Procmon to analyse what was going wrong. Although I had only anonymous access enabled in IIS the 'IUSR' account (in addition to 'IIS_IUSRS') needed read access. I don't know why I had to add this manually as it's a recent server re-build with IIS in a mostly default state. I suspect it relates to application pools as I have created a separate pool for each folder.
Back to Top
 

Sorry, you can NOT post a reply.
This forum has been locked by a forum administrator.

Printable version Printable version