I'm developing a simple website with two levels of authentication: viewer and admin. Everything accessible to viewer should be accessible to admin but not the other way around. I'm using Apache Basic authentication.
Folder structure is basically:
/var/www/html/ <-- viewable to world
/var/www/html/viewer
/var/www/html/admin
When I visit content inside /admin, the browser asks for credentials as expected. However, if I visit /viewer right after, the browser again asks for credentials. I already provided admin credentials, so it's inconvenient.
The relevant portions of the site config file and the group file are below. How can I rework this, or the site folder structure, to remove this annoyance?
.htgroup file:
Viewers: viewer admin
Administrators: admin
Site file:
<Directory "/var/www/html/viewer">
    AuthType Basic
    AuthName "Please enter Viewer username and password:"
    AuthBasicProvider file
    AuthUserFile /etc/apache2/.htpasswd
    AuthGroupFile /etc/apache2/.htgroup
    Require group Viewers Administrators
</Directory>
<Directory "/var/www/html/admin">
    AuthType Basic
    AuthName "Please enter Admin username and password:"
    AuthBasicProvider file
    AuthUserFile /etc/apache2/.htpasswd
    AuthGroupFile /etc/apache2/.htgroup
    Require group Administrators
</Directory>
Aulis, thanks for the response. I reconfigured the security as such. But I have the same problem. When I visit something inside /admin, I supply admin credentials as expected. But when I then visit something inside /viewer, browser prompts again for credentials. My expectation and desire is that it should not. (I did set up my administrators group to include viewer and admin). – Henry – 2019-08-08T18:15:12.907
Hmmm... Unexpected. Could you please edit your question to include the changes you have made, so I can see what the problem is? Thank you. – Aulis Ronkainen – 2019-08-08T18:16:33.327
I've done so, see above. Appreciate the help.
Would it make a difference if I nest /admin directory inside /viewer? – Henry – 2019-08-09T14:13:18.833
I thought it wouldn't make a difference, but you should try that. If that doesn't work either, you probably need to implement user access control to your application. – Aulis Ronkainen – 2019-08-24T05:38:33.377
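
An added example, not part of the original thread: browsers cache Basic credentials per realm, and the realm is the AuthName string, so the two different AuthName values in the question's config make the browser treat /admin and /viewer as separate login areas. Giving both directories the same AuthName lets credentials already entered for one be retried for the other; the realm text "Restricted area" is an assumed placeholder, and every other directive is taken from the question.

```apache
# Added example: one shared realm for both protected areas.
# "Restricted area" is an assumed placeholder; any string works as long as
# it is byte-for-byte identical in both blocks.

<Directory "/var/www/html/viewer">
    AuthType Basic
    AuthName "Restricted area"
    AuthBasicProvider file
    AuthUserFile /etc/apache2/.htpasswd
    AuthGroupFile /etc/apache2/.htgroup
    # Either group may read /viewer (multiple names on one line are OR-ed).
    Require group Viewers Administrators
</Directory>

<Directory "/var/www/html/admin">
    AuthType Basic
    # Same realm as /viewer: the browser answers this challenge with the
    # credentials it already holds instead of prompting again.
    AuthName "Restricted area"
    AuthBasicProvider file
    AuthUserFile /etc/apache2/.htpasswd
    AuthGroupFile /etc/apache2/.htgroup
    # Authorization still differs per directory: only Administrators pass.
    Require group Administrators
</Directory>
```

The shared realm changes only which credentials the browser offers; the Require lines still decide access. A user who logged in as viewer and then opens /admin fails the group check, which Apache 2.4 answers with 401 by default, so the browser prompts again and admin credentials can be entered.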