| Author |
|
charliekilian
Newbie
Joined: 13 July 2010
Location: United States
Online Status: Offline
Posts: 4
|
| Posted: 13 July 2010 at 11:20am | IP Logged
|
|
|
I am trying to get Helicon Ape working with IIS. At the moment I am struggling with getting .htpasswd authentication to work.
On my test server, I installed IIS and then ran all Windows Updates. I then installed Helicon Ape, which reported no errors. Next, I configured a website (in this case, www.chastainotis.com) in IIS. Finally, I mapped the wildcard handler to c:\windows\microsoft.net\framework\v2.0.50727\aspnet_isapi.dll, making sure to uncheck the "Verify that file exists" box.
I also went in to IIS Manager, went to the Directory Security tab, and
made sure "Basic authentication" is the only enabled authentication
option.
I put the .htaccess and .htpasswd files in place. (They are included at the end of this post.) When I load the website in my web browser, it does prompt me for a password, but it never authenticates the user.
In the error log, I see this:
[7/13/2010 10:58:47 AM] [LicenseManager] Trial days left 0
[7/13/2010 10:58:47 AM] [mod_core_context] (8) [/Admin/] ConfigFactory.LoadHtaccess:
[7/13/2010 10:58:47 AM] [mod_core_context] (8) [/Admin/] ConfigFactory.LoadHtaccess: c:\inetpub\wwwroot\chastainotis.com\www\admin\.htaccess
[7/13/2010 10:58:47 AM] [authn_file_module] (8) [/Admin/] AuthUserFile: C:\inetpub\wwwroot\chastainotis.com\www\Admin\.htpasswd
[7/13/2010 10:58:47 AM] [authn_file_module] (8) [/Admin/] user otis added
[7/13/2010 10:58:47 AM] [authn_file_module] (8) [/Admin/] user test added
[7/13/2010 10:58:47 AM] [auth_basic_module] (8) [/Admin/] Authorization header not found
I'm concerned about the top line and the bottom line. I only installed this software today, so I don't think it should be a license issue. (Granted, it was on a virtual machine, and after I encountered some problems, I rolled back to a previous snapshot back and installed again -- but the original install was yesterday.) As for the "Authorization header not found" line, I am not sure what that means. Searching the forums didn't produce anything helpful.
Here are my configuration files. Is there anything else I need to supply to help you help me?
.htaccess:
AuthType Basic
AuthName Title
AuthBasicProvider file
AuthUserFile C:\inetpub\wwwroot\chastainotis.com\www\Admin\.htpasswd
Require valid-user
.htpasswd:
otis:Bsky39VBv5C.A
test:$apr1$nqrk6...$qPQYlf4nqeWaRQgNehUwI1
|
| Back to Top |
|
| |
charliekilian
Newbie
Joined: 13 July 2010
Location: United States
Online Status: Offline
Posts: 4
|
| Posted: 13 July 2010 at 11:21am | IP Logged
|
|
|
One more thing. Here is my httpd.conf file.
# Helicon Ape core configuration
#Automatically generated license file
Include licenses.conf
##----------------------------------------------------------------------
##
## The following code enables most detailed logging for Ape
##
Loglevel debug
ErrorLog error.log
#force Ape to ignore syntax errors in config
Options -StopOnError
##----------------------------------------------------------------------
##
## Read more about supported modules here http://www.helicontech.com/ape/doc/overview.htm
##
#LoadModule authz_host_module modules/mod_authz_host.so
LoadModule auth_basic_module modules/mod_auth_basic.so
#LoadModule auth_digest_module modules/mod_auth_digest.so
#LoadModule authn_dbd_module modules/mod_authn_dbd.so
LoadModule authn_file_module modules/mod_authn_file.so
#LoadModule authn_anon_module modules/mod_authn_anon.so
#LoadModule authn_default_module modules/mod_authn_default.so
LoadModule authz_user_module modules/mod_authz_user.so
#LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
#LoadModule authz_default_module modules/mod_authz_default.so
#LoadModule cache_module modules/mod_cache.so
#LoadModule dbd_module modules/mod_dbd.so
#LoadModule dir_module modules/mod_dir.so
#LoadModule disk_cache_module modules/mod_mem_cache.so
#LoadModule developer_module modules/mod_developer.so
#LoadModule env_module modules/mod_env.so
#LoadModule expires_module modules/mod_expires.so
#LoadModule filter_module modules/mod_filter.so
#LoadModule gzip_module modules/mod_gzip.so
#LoadModule headers_module modules/mod_headers.so
#LoadModule hotlink_module modules/mod_hotlink.so
#LoadModule linkfreeze_module modules/mod_linkfreeze.so
#LoadModule log_config_module modules/mod_log_config.so
#LoadModule mem_cache_module modules/mod_mem_cache.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule rewrite_module modules/mod_rewrite.so
#LoadModule replace_module modules/mod_replace.so
#LoadModule setenvif_module modules/mod_setenvif.so
#LoadModule speling_module modules/mod_speling.so
#LoadModule seo_module modules/mod_seo.so
##----------------------------------------------------------------------
##
## The following code enables most detailed logging for mod_rewrite
##
#RewriteLog rewrite.log
#RewriteLogLevel 9
##----------------------------------------------------------------------
##
## The following code hides .htaccess and .htpasswd files from sites visitors.
##
#
#<FilesMatch "^\.ht">
# Order allow,deny
# Deny from all
# Satisfy All
#</FilesMatch>
##----------------------------------------------------------------------
##
## Use htaccess.txt instead of .htaccess
## put it in the httpd.conf
##
#AccessFileName htaccess.txt
##----------------------------------------------------------------------
##
## Basic Authentication for the folder
##
#<Directory c:\inetpub\wwwroot\admin\>
# AuthType Basic
# AuthName "secret area"
# AuthBasicProvider file
# AuthUserFile c:\inetpub\.htpasswds
# Require valid-user
#</Directory>
##----------------------------------------------------------------------
##
## MD5 Digest Authentication
##
#<Location /private/>
# AuthType Digest
# AuthName "private area"
# AuthDigestDomain /private/ http://www.domain.com/myprivate/
# AuthDigestProvider file
# AuthUserFile c:/inetpub/passwords/.digest_pwd
# Require valid-user
#</Location>
##----------------------------------------------------------------------
##
## Enable memory-based cache for php files
##
#<Files *.php>
# ExpiresActive On
# ExpiresByType text/html "access 1 hour"
# CacheEnable mem
#</Files>
##----------------------------------------------------------------------
##
## Force Ape account for trailing slash redirects and index files
##
#DirectoryIndex index.html index.asp index.php
#DirectorySlash On
##----------------------------------------------------------------------
##
## Cache all cacheable content to the disk
##
## please create this folder before using
#CacheRoot c:\inetpub\cache
#SetEnv cache-enable disk
##----------------------------------------------------------------------
##
## Prevent ddos attacks
##
#<IfModule evasive_module>
# DOSPageCount 10
# DOSSiteCount 150
# DOSPageInterval 1
# DOSSiteInterval 1
# DOSBlockingPeriod 10
#</IfModule>
##----------------------------------------------------------------------
##
## Enable smart expiration
##
#ExpiresActive On
## html expires in a 2 hour
#ExpiresByType text/html A7200
## css expires in a 4 hour
#ExpiresByType text/css A14400
##----------------------------------------------------------------------
##
## The following code enables caching and compression for all static files
## accounting for browser peculiarities
##
#Include smart_gzip_compression.conf
##----------------------------------------------------------------------
##
## Stop hotlinking
##
#SetEnv mod_hotlink
#<Files *.pdf>
# HotlinkProtect /pdf [ Link, ParamName=hlb ]
#</Files>
#----------------------------------------------------------------------
##
## Enable Linkfreeze
##
#SetEnv mod_linkfreeze
#LinkFreezeRule --- "aspx=htm" [ AbsLinks,MoveExt ]
##----------------------------------------------------------------------
##
## Enable cache in-memmory
##
#<LocationMatch "/|/index.php">
# SetEnv cache-enable mem
#</LocationMatch>
##----------------------------------------------------------------------
##
## Enable proxying /accounts/ application to internal server
##
#<Location /accounts/>
# ProxyPass http://internal.company.com/accounts/
# ProxyPassReverse http://internal.company.com/accounts/
# ProxyPassReverseCookieDomain internal.company.com www.company.com
#</Location>
##----------------------------------------------------------------------
##
## Common rule for cms systems
##
#RewriteEngine on
#RewriteCond %{REQUEST_FILENAME} !-f
#RewriteCond %{REQUEST_FILENAME} !-d
#RewriteRule (.*) /index.php [NC,L,NS]
##----------------------------------------------------------------------
##
#Header append Server "enhanced by Helicon Ape/3.0"
|
| Back to Top |
|
| |
charliekilian
Newbie
Joined: 13 July 2010
Location: United States
Online Status: Offline
Posts: 4
|
| Posted: 13 July 2010 at 11:55am | IP Logged
|
|
|
It seems I have solved my own problem. I read this post, which documents a similar problem:
http://www.helicontech.com/forum/14422-Securing_Folder_with_APE.html
In my case, the key was that I still had "Basic authentication (password is sent in clear text)" checked. To change it, go into IIS Manager, right click on the website, choose Properties, click on the Directory Security tab, in the "Authentication and access control" section, press the Edit button. Then uncheck everything except "Enable anonymous access".
I think the problem must have been that IIS was fighting Helicon Ape for control of the authentication process. But I'm not really sure. Anyway, the original problem works now.
I am having another problem now: Old .htpasswd files from another server don't authenticate. Part of my goal in evaluating Helicon Ape is to replace IISPassword. Password files (.htpasswd) that worked fine under IISPassword aren't working with Helicon Ape. For example, here is my .passwd file:
otis:Bsky39VBv5C.A
test:$apr1$nqrk6...$qPQYlf4nqeWaRQgNehUwI1
The first line was generated with a tool found on the web, and works fine with IISPassword but not with Ape. The line was generated with Helicon Ape Manager. It authenticates fine with Ape. Both passwords are the same: "scalific" -- without the quotes, of course.
Any ideas how to resolve this?
|
| Back to Top |
|
| |
charliekilian
Newbie
Joined: 13 July 2010
Location: United States
Online Status: Offline
Posts: 4
|
| Posted: 13 July 2010 at 12:00pm | IP Logged
|
|
|
Here is the website I'm using to generate .htpasswd files:
http://home.flash.net/cgi-bin/pw.pl
Going forward, I can always use Helicon's Ape Manager tool. However, I must also support the many sites we already have in place that have .htpasswd files created with other tools.
|
| Back to Top |
|
| |
Vyacheslav
Admin Group
Joined: 02 July 2008
Location: Ukraine
Online Status: Offline
Posts: 1542
|
| Posted: 14 July 2010 at 2:37am | IP Logged
|
|
|
Hello,
As regarding the first issue I can confirm that you should disable all IIS authentications. Otherwise there may be conflicts.
You may generate passwords by Helicon Ape Manager. Unfortunately we don’t support IISPassword format yet, for we were oriented on Apache. But I discussed the case with developers and I’m sure we’ll support IISPassword format in further builds of Ape.
Thank you for using our software.
__________________
Slavik Shynkarenko,
Helicon Tech.
|
| Back to Top |
|
| |
Vyacheslav
Admin Group
Joined: 02 July 2008
Location: Ukraine
Online Status: Offline
Posts: 1542
|
| Posted: 05 August 2010 at 7:33am | IP Logged
|
|
|
Hello,
We’ve just released a new build of Helicon Ape which supports IISPassoword format. Please check it out.
Thanks.
__________________
Slavik Shynkarenko,
Helicon Tech.
|
| Back to Top |
|
| |
floho
Newbie
Joined: 09 January 2012
Online Status: Offline
Posts: 1
|
| Posted: 09 January 2012 at 9:45am | IP Logged
|
|
|
charliekilian wrote:
To change it, go into IIS Manager, right click on the website, choose Properties, click on the Directory Security tab, in the "Authentication and access control" section, press the Edit button. Then uncheck everything except "Enable anonymous access".
|
|
|
Windows Server 2003, the tip from charliekilian is working. But every time, when I'm restarting the IIS-Server, the setting goes back to the default. Anybody have an idea, how i can stop this "reset"?
|
| Back to Top |
|
| |
|
|
Helicon Tech : Helicon Ape
Topic: Helicon Ape on IIS6: .htpasswd problem
Active Topics
Memberlist
Help
Register
Login