Apache 2.3/2.4 has mod_auth_form that allows to display a HTML form for users to login. Can I, instead of using a plain HTML form use an application server to provide the form (J2EE, node.js, PHP, Vert.x etc) and the authentication logic and just return the session cookie (how would that need to look like?)
Asked
Active
Viewed 2,253 times
1 Answers
2
Yes. But you need to use input fields with name = httpd_username and httpd_password (and .htaccess rights as well)
/secret/path/.htaccess
AuthFormLoginRequiredLocation /login.html AuthFormLoginSuccessLocation /secret/path/ AuthFormProvider file AuthUserFile /before/www/root/.htpasswd AuthType form AuthName "My server!" Session On SessionCookieName session path=/secret/path/ SessionCryptoPassphrase SomEtH1n9
/logout/.htaccess
AuthName "My server!" AuthFormLogoutLocation /logout/ Session On SessionCookieName session path=/secret/path/ SessionCryptoPassphrase SomEtH1n9
p.s.: don't use "secret" word from Apache Docs as a passphrase ;)
cyberchimera
- 21
- 3
-
Could you elaborate your answer? the .htaccess file above points to a file system based html file - that's not the question. I'm looking for a transparent way - Apache gets the cookie and it is up to the app server how it was created (e.g. 2FA or a game played) – stwissel Aug 26 '14 at 06:08