I'm fighting with Apache on a Windows 2000 Server. I have a website where I want to restrict a subdirectory. I've tried this 2 ways, without luck.

In both cases, no matter where I visit on the website, I get prompted for a password. If I cancel the password request on the website's root I can access the site ok. When I go to the protected sub dir, I am prompted again, but this time I must enter the valid user/password for it to work.

In a nutshell my sub-dir is properly protected, but the higher levels still display userid/password prompts. why? Could this be an Apache(win32) bug? I am using apache 2.0.54

Here's my attempt using httpd.conf and the directory directive. .htaccess is empty.

<Directory "C:/Program Files/Apache Group/Apache2/htdocs/thewedding">
AuthType Basic
AuthName "testing it."
AuthUserFile "C:/Program Files/Apache Group/Apache2/conf/passwords"
Require valid-user
</Directory>

Here's what I do when trying it with .htaccess.

httpd.conf.
<Directory "C:/Program Files/Apache Group/Apache2/htdocs/thewedding">
AllowOverride AuthConfig
Options FollowSymLinks
</Directory>

.htaccess is located in the subdirectory I wish to protect

AuthType Basic
AuthName "testing it."
AuthUserFile "C:/Program Files/Apache Group/Apache2/conf/passwords"
Require valid-user

Any help is greatly appreciated.

Thanks.