-1

The scenario is I want to implement single sign on process in my web application, currently I have protected few folders using .htpasswd

Now when a user logs in to the system I want that they should get access to those protected folders as well without being asked for the username and password again by the broswer

Is there a way to achieve this

Sandhurst
  • 1,180
  • 5
  • 26
  • 40

2 Answers2

0

As far as I know, there is no such solution. You should use PHP's SESSIONS and a login interface to control user's access rather than .htpasswd .

Or you can make a file in a non-protected folder and do include protectedfolder/protected-file.php in that file and let users access it without getting prompted for password.

codefreak
  • 6,950
  • 3
  • 42
  • 51
0

You wouldn't be able to give users direct access to the files in the protected folders unless all of your users exist in .htpasswd file, and your web application uses the same realm and auth type (basic || digest). Since when using http auth to protect the folders, the username/password is sent on each request.

You could write code that was outside of the protected folders handled the authentication and then used fpassthru to send the files back though.

Doon
  • 19,719
  • 3
  • 40
  • 44
  • 1
    Yes, all my users do exist in .htpasswd file – Sandhurst Oct 18 '12 at 11:46
  • well you would need for the browser to hand the http auth credentials over on the request for the file. you can just build a link as https://username:password@sitename.com/path/to/protected/file.txt – Doon Oct 18 '12 at 11:49