0

Can someone point me in the right direction in regards to making an api use basic http authentication?

I am creating a restful api with symfony but would like to require users to be logged in to get certain data. I would also like many of these methods be dependent on the the username in the authentication process in order to get some of the data (using the username from the credentials to get all of a users friends)

Thanks!

Improve this question

1 Answer 1

Reset to default
1

Something like this:

function send401() {
    $realm = "Credentials for site xxx";
    header("HTTP/1.0 401 Authorization Required")
    header('WWW-Authenticate: Basic realm="'.$realm.'"');
    die();
}


if (!array_key_exists('PHP_AUTH_USER',$_SERVER) ||
        !array_key_exists('PHP_AUTH_PW',$_SERVER)) {
    send401();
}
else {
    $res = authenticate_user($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']);
    if (!$res)
        send401();
}

The username is stored in $_SERVER['PHP_AUTH_USER'].

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

This is also possible with Symfony2 configuration. Search for http_basic and stateless on symfony.com/doc/current/book/security.html . I'm not sure when this configuration-based approach was made possible with Symfony2.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.