.htaccess Password protection keeps asking for password over and over

Question

I've placed this code in the .htaccess file of the folder I want to protect:

AuthName "restricted area"
AuthType Basic
AuthUserFile /home/#/#/#/#/#/.htpasswd
require valid-user

In the same folder, I placed this .htpasswd:

my:pass

When I go to the URL of the protected folder, the browser keeps asking me for a password over and over, even though I'm typing the correct one.

I know that the root directory mentioned in AuthUserFile is ok because I've found it out with:

<?php
    $dir = dirname(__FILE__);
    echo "<p>Full path to a .htpasswd file in this dir: " . 
        $dir . "/.htpasswd" . "</p>";
?>

Where's the problem?

http://stackoverflow.com/questions/10015081/htaccess-doesnt-work-always-wrong-password — Malcolm, Mar 26 '14 at 13:16
Same happened to me so I am reporting here. In my case I was making a server call at the starting of the script which was returning 404 for the first time. Handling that fixed the issue. — r.bhardwaj, Oct 06 '16 at 17:47

score 4 · Answer 1 · answered Mar 05 '17 at 15:59

4

Just add "user" in between require valid-user

For example:

Require user markpanado

But not:

Require markpanado

answered Mar 05 '17 at 15:59

Mark

135
1
9

3

you say to add user between require valid-user but your final answer has no valid-user entry... :( – Duck Nov 27 '17 at 22:55
What if there are two user accounts that need to be allowed in this directory? – Jacksonkr Feb 12 '19 at 23:55
@SpaceDog no, the final answer is the first answer. Read it again. – Mark Jun 13 '19 at 02:57
1

@Jacksonkr I haven't tried that, but did you try `Require user1 user2 user3` format? – Mark Jun 13 '19 at 02:58
2

@mark The memory is vague but I think that solved my particular issue. – Jacksonkr Jun 15 '19 at 20:53

score 3 · Answer 2 · edited Oct 13 '22 at 19:39

the problem, so i found for my website, is that the htpasswd file path is not the same as the path provided in the htaccess. I spent weeks trying to find where the problem was, but although you create usernames and passes using the htpasswrd the file is not communicating with the secure folder. You will need to find out why. maybe a spelling mistake or as in my case, the htpasswd was being saved in a completely different folder, and i had 2 htpasswrd in different folders. the two need to communicate htacccess and htpasswrd, hope this saves you time I figured it out after weeks of sleepless nights.

score 0 · Answer 3 · answered Feb 03 '19 at 05:56

0

I have just come across this problem. After trying to figure it out for the last couple of days I have found out the source of the problem:

This prompt gets triggered when using AuthType Basic and whenever a 401 message is sent from the website.

Is it possible that you had a 401 HTTP status code message being sent from the server at each request? You can check your developer console to find out.

answered Feb 03 '19 at 05:56

kojow7

10,308
17
80
135

I DO see a 401 in my case but when I use a different user I no longer get the prompt repeatedly. – Jacksonkr Feb 12 '19 at 23:54
@Jacksonkr Can you identify which portion of your back-end script is sending the 401 error? Is it a script you created or a platform of some type? – kojow7 Feb 13 '19 at 02:40
it's the favicon.ico which seems to be a standard item served out by apache. Furthermore [I filed this as its own question](https://serverfault.com/questions/953631/htaccess-continues-to-prompt-for-password-after-login?noredirect=1#comment1240145_953631) if you're curious to more details. – Jacksonkr Feb 13 '19 at 14:59
this was years ago but yes I'm pretty sure I got 401 back. – rockyraw Apr 11 '19 at 15:46

.htaccess Password protection keeps asking for password over and over

3 Answers3