
Hi guys,

I am trying to create a login page using Apache mod_auth_form to authenticate users. Once the user is authenticated, he/she should be able to access the main page.

# my public directory: #

    C:/webroot/
    regtrack_newSG.php

# my protected directory: #

    C:/webroot/myapp/
    regtrack_studysiteone.php

# my password file: #

    C:/Apache24/passwd/passwords

# .htaccess file under the protected directory: #

    AuthFormProvider file
    AuthUserFile "C:\Apache24\passwd\passwords" 
    AuthFormLoginRequiredLocation /regtrack_newSG.php
    AuthFormLoginSuccessLocation /myapp/regtrack_studysiteone.php
    AuthType form
    AuthName realm
    Session On
    SessionCookieName session path=/
    SessionCryptoPassphrase secret
    Require valid-user

# httpd config: #

    LoadModule auth_form_module modules/mod_auth_form.so

    DocumentRoot "c:/webroot"
    <Directory "c:/webroot">
        Options Indexes FollowSymLinks
        AllowOverride AuthConfig
        Order allow,deny
        Allow from all

    </Directory>

    <Directory "c:/webroot/myapp">
      Options FollowSymlinks
      AllowOverride AuthConfig
      Order allow,deny
      Allow from all
    </Directory>

    <Location /dologin>
        SetHandler form-login-handler
        AuthFormProvider file
        AuthUserFile "C:/Apache24/passwd/passwords" 
        AuthFormLoginRequiredLocation /regtrack_newSG.php
        AuthFormLoginSuccessLocation /myapp/regtrack_studysiteone.php
        AuthType form
        AuthName realm
        Session On
        SessionCookieName session path=/
        SessionCryptoPassphrase secret    
    </Location>


# my login page (regtrack_newSG.php): #

    <html>
    <!-- Field names httpd_username / httpd_password are the ones mod_auth_form reads -->
    <form method="POST" action="/dologin">
    <b>Username:</b>  <input type="text" name="httpd_username" value="" /><br>
    <b>Password:</b>  <input type="password" name="httpd_password" value="" /><br>
    <input type="submit" name="login" value="Login" />
    </form>
    </html>

## When entering an invalid user, it gives me this message: ##

"This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required."

## When entering a valid user, it gives me this message: ##

"The connection to the server was reset while the page was loading..."

# Apache Error log: #

    [Fri Feb 13 08:46:59.346701 2015] [ssl:warn] [pid 7456:tid 440] AH01909: RSA certificate configured for OC.lacrn.LOCAL:8801 does NOT include an ID which matches the server name
    [Fri Feb 13 08:46:59.487327 2015] [ssl:warn] [pid 7456:tid 440] AH01909: RSA certificate configured for OC.lacrn.LOCAL:8801 does NOT include an ID which matches the server name
    [Fri Feb 13 08:46:59.491164 2015] [mpm_winnt:notice] [pid 7456:tid 440] AH00354: Child: Starting 64 worker threads.

I have no clue why it is happening. Can anyone help me?

Thank you.

Edited by Dani: Formatting fixed


I removed the .htaccess file altogether and placed the instructions in a Directory block in the httpd config file.

    <Directory "c:/webroot/myapp">
    AuthFormProvider file
    ...
    Require valid user
    </Directory>

Now, when I try an unauthorized user, it redirects me to the login page like it is supposed to. But when I try to log in with a valid user name and password, it still gives me the error message: "The connection to the server was reset while the page was loading..." and the same error message from the log as posted previously.

To answer your question, yes, the passwords have been encoded using the htpasswd. I checked the password file and the contents are as expected (username: encryption)

The apache login used to work when using the 'AuthType Basic', now with my custom login page form it doesn't.

Edited by Samyx


Your configuration works fine for me; just make sure to enable all the modules requested by this procedure. I did a fresh install of Apache and I had to enable these modules:

  • session
  • session_cookie
  • session_crypto
  • request
  • auth_form

After that, everything worked fine. For example, by using AuthFormProvider file, Apache requires the authn_file module, which is usually enabled by default, but make sure it is on.

Edited by cereal
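
The module check described in the answer above, as an added example that is not part of the original thread: it maps the directives used in the `/dologin` block to the module names that `httpd -M` prints and reports any that are not loaded. The directive-to-module table follows the answer's list, and the `httpd -M` output is constructed sample data, not output from the poster's server.

```python
import re

# Directive (lower-cased) -> module names as printed by `httpd -M`.
# request_module is tied to the form directives because the answer above lists
# "request" among the modules that had to be enabled.
DIRECTIVE_MODULES = {
    "authformprovider": ("auth_form_module", "request_module"),
    "authformloginrequiredlocation": ("auth_form_module", "request_module"),
    "authuserfile": ("authn_file_module",),
    "session": ("session_module",),
    "sessioncookiename": ("session_cookie_module",),
    "sessioncryptopassphrase": ("session_crypto_module",),
}

# The thread's <Location /dologin> block, shortened to the relevant directives.
SAMPLE_CONFIG = """
<Location /dologin>
    SetHandler form-login-handler
    AuthFormProvider file
    AuthUserFile "C:/Apache24/passwd/passwords"
    AuthType form
    Session On
    SessionCookieName session path=/
    SessionCryptoPassphrase secret
</Location>
"""

# Constructed `httpd -M` output (assumption), not taken from the poster's server.
SAMPLE_HTTPD_M = """Loaded Modules:
 core_module (static)
 auth_form_module (shared)
 authn_file_module (shared)
 authz_user_module (shared)
"""

def loaded_modules(httpd_m_output):
    """Return the set of module names found in `httpd -M` output."""
    return set(re.findall(r"^\s*(\w+_module) \((?:static|shared)\)", httpd_m_output, re.M))

def missing_modules(config_text, httpd_m_output):
    """Return modules the config's directives need that are not loaded."""
    needed = set()
    for line in config_text.splitlines():
        tokens = line.split()
        if tokens and not tokens[0].startswith(("#", "<")):
            needed.update(DIRECTIVE_MODULES.get(tokens[0].lower(), ()))
    return sorted(needed - loaded_modules(httpd_m_output))

if __name__ == "__main__":
    for name in missing_modules(SAMPLE_CONFIG, SAMPLE_HTTPD_M):
        print("not loaded:", name)
```

To run it against a real server, pass the text of the configuration file and the captured output of `httpd -M` to `missing_modules` in place of the two sample strings.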
