|IIS basic authentication won't allow .php files|
| 2:29 pm on Jul 27, 2007 (gmt 0)|
I'm configuring my Windows 2003 server with basic authentication on a folder.
I've tested it with .asp files and .txt files, both of which, when typed into the browser, prompt for a login/password which, when entered, displays the file.
When I request a .php file within the same folder, with exactly the same permissions (all inherit from the parent folder), the login/password credentials don't authorise.
Other .php files outside of this "secure" folder work perfectly - I'm running a CubeCart installation and have no problems like this anywhere else.
Is there something I need to do to allow IIS Basic Authentication on PHP files?
| 4:41 pm on Jul 27, 2007 (gmt 0)|
It doesn't sound as though this is your problem, per se, but this information on the PHP Web site may give you some other considerations:
Also note that until PHP 4.3.3, HTTP Authentication did not work using Microsoft's IIS server with the CGI version of PHP due to a limitation of IIS. In order to get it to work in PHP 4.3.3+, you must edit your IIS configuration "Directory Security". Click on "Edit" and only check "Anonymous Access", all other fields should be left unchecked.
Another limitation is if you're using the IIS module (ISAPI) and PHP 4, you may not use the PHP_AUTH_* variables but instead, the variable HTTP_AUTHORIZATION is available. For example, consider the following code: list($user, $pw) = explode(':', base64_decode(substr($_SERVER['HTTP_AUTHORIZATION'], 6)));
IIS Note: For HTTP Authentication to work with IIS, the PHP directive cgi.rfc2616_headers must be set to 0 (the default value).
Is it possible that for some reason IIS attempts to process the PHP files in the directory prior to initiating the Authentication?
This is just one of the many reasons I prefer LAMP setups. ;)
Hope this helps,
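Added example, not part of the original posts or the PHP manual: the one-liner quoted above drops everything after a second colon in the password and checks neither the scheme nor the base64, so a stricter parse of the same HTTP_AUTHORIZATION value could look like this. The helper name parseBasicAuth and the sample headers are constructed for illustration, and the syntax assumes PHP 7.1 or later.

```php
<?php
// Added example: parseBasicAuth() is a hypothetical helper, not a PHP built-in.
// Typical call: parseBasicAuth($_SERVER['HTTP_AUTHORIZATION'] ?? null)

/**
 * Parse the value of an "Authorization: Basic ..." header.
 * Returns [user, password], or null when the header is absent or malformed.
 */
function parseBasicAuth(?string $header): ?array
{
    if ($header === null) {
        return null;                       // no credentials were sent
    }
    // The scheme name is case-insensitive; anything other than Basic
    // (NTLM, Negotiate, Digest, ...) is not ours to decode.
    if (!preg_match('/^Basic +([A-Za-z0-9+\/]+={0,2})$/i', trim($header), $m)) {
        return null;
    }
    // Strict mode returns false on invalid input instead of guessing.
    $decoded = base64_decode($m[1], true);
    if ($decoded === false || strpos($decoded, ':') === false) {
        return null;
    }
    // Split on the FIRST colon only: the user name cannot contain one,
    // but the password can, and must not be truncated.
    [$user, $pw] = explode(':', $decoded, 2);
    // Control characters have no place in either field.
    if ($user === '' || preg_match('/[\x00-\x1F\x7F]/', $user . $pw)) {
        return null;
    }
    return [$user, $pw];
}

// Constructed sample headers covering the edge cases above.
$samples = [
    'Basic ' . base64_encode('alice:s3cr3t'),    // ordinary credentials
    'Basic ' . base64_encode('bob:pa:ss:word'),  // colons inside the password
    'basic ' . base64_encode('carol:'),          // lowercase scheme, empty password
    'Negotiate TlRMTVNTUAAB',                    // different scheme
    'Basic not*base64',                          // invalid token
    'Basic ' . base64_encode('nocolon'),         // no separator
    null,                                        // header missing
];
foreach ($samples as $h) {
    $r = parseBasicAuth($h);
    echo var_export($h, true), ' => ', $r === null ? 'rejected' : json_encode($r), "\n";
}
```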
| 8:46 am on Jul 30, 2007 (gmt 0)|
Thanks, that's given me something to work with; however, I'm not sure this is correct. Can you confirm?
|In order to get it to work in PHP 4.3.3+, you must edit your IIS configuration "Directory Security". Click on "Edit" and only check "Anonymous Access", all other fields should be left unchecked. |
That would have the opposite effect to what I'm trying to achieve - I want to have the login/password prompt to appear on all http requests to a folder on the server.
To do that, I've turned OFF anonymous access and checked "Basic authentication (password is sent in clear text)".
This works for .txt and .asp files within the folder but not .php files (I get the login/password prompt but access is denied on entering the correct credentials).
| 3:52 pm on Jul 30, 2007 (gmt 0)|
|That would have the opposite effect to what I'm trying to achieve - I want to have the login/password prompt to appear on all http requests to a folder on the server. |
You are correct - the information that I had posted relates to using PHP Authentication, so they are making sure that the server authentication is not used. I was hoping that there may have been some other settings in that area that would cause the "oh, duh!" moment that will fix the problem.
The php file that you are trying to access doesn't process the authentication variables ($_SERVER['PHP_AUTH_USER']), correct?
| 4:59 pm on Jul 30, 2007 (gmt 0)|
Ah, I see now.
No, the PHP file's contents don't seem to matter - a simple
<?php echo "hello world";?> is enough to cause problems.
| 12:57 pm on Aug 1, 2007 (gmt 0)|
Anyone else got any ideas?