1

I'm working on a basic system that sits behind an HTTP basic auth username/password. The client would like certain actions only to be performed by a certain type of user. I could create a whole login system in PHP, but would prefer to keep it simple and just use HTTP basic auth again.

So can I have a general username/password for access to the system, and then prompt for a lesser-known username/password if the user tries to access a certain page?

Codemonkey
  • 4,455
  • 5
  • 44
  • 76
  • 2
    You might be looking for [realms](https://stackoverflow.com/questions/12701085/what-is-the-realm-in-basic-authentication) – tyteen4a03 Nov 06 '17 at 13:50
  • Obviously this would be framework-specific, but any one that supports middleware would make it straightforward. You'd just create a middleware for basic auth or use an existing one, and apply it to the protected routes. – Matthew Daly Nov 06 '17 at 13:54
  • 1
    the answers is yes. ps, http basic auth, while easy to implement, constantly sends the username and password in nigh-plaintext with every reuqest... – hanshenrik Nov 06 '17 at 14:01
  • It's only for use in an intranet so I think that's fine, thanks @hanshenrik – Codemonkey Nov 06 '17 at 14:09

0 Answers0