Home/ Questions/Q 6645127
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-26T00:14:53+00:00

I use Symfony Standard 2.0.0BETA1 and tried to configure http_basic authentication exactly the same

  • 0

I use Symfony Standard 2.0.0BETA1 and tried to configure http_basic authentication exactly the same as in this book chapter

security:
encoders:
    Symfony\Component\Security\Core\User\User: plaintext

providers:
    main:
        users:
            foo: { password: testing, roles: ROLE_USER }

firewalls:
    main:
        pattern:    /.*
        http_basic: true
        logout:     true

access_control:
    - { path: /.*, role: ROLE_USER }

Problem is when I try to open a page and i submit user name “foo” and password “testing” it simply loops and ask me for credential infinitely or display error page.

Steps to reproduce issue:

  1. Copy security configuration from http://symfony.com/doc/current/book/security/overview.html#configuration and past it to security.yml file
  2. Refresh app home page
  3. Enter valid credentials

Expected behavior is to see home page but instead credentials prompt is shown.

Does anyone know why that happens and how to fix it?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    The http basic authentication is broken with PHP as cgi/fastCGI under Apache

    There is a workaround:

    app_dev.php

    if( !isset($_SERVER['PHP_AUTH_USER']) )
{
    if (isset($_SERVER['HTTP_AUTHORIZATION']) && (strlen($_SERVER['HTTP_AUTHORIZATION']) > 0))
    {
        list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = explode(':', base64_decode(substr($_SERVER['HTTP_AUTHORIZATION'], 6)));
        if( strlen($_SERVER['PHP_AUTH_USER']) == 0 || strlen($_SERVER['PHP_AUTH_PW']) == 0 )
        {
            unset($_SERVER['PHP_AUTH_USER']);
            unset($_SERVER['PHP_AUTH_PW']);
        }
    }
}

    web/.htaccess

    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L] 
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteRule ^(.*)$ app.php [QSA,L]
</IfModule>

    Source: symfony github issue

    • 0