Exclude HTTP authentication from specific Controller

222 Views Asked by Paulo Rodrigues At 02 December 2014 at 12:53

I have an application made in CakePHP 2 that has a HTTP protection through .htaccess file. Already have an exception in a certain directory in webroot and works well.

AuthType Basic
AuthName "My Application"
AuthUserFile /my/application/path/.htpasswd
Require valid-user

SetEnvIf Request_URI "files/photos/" allow

Order allow,deny
Allow from env=allow
Satisfy any

But now also need an exception for a specific URL, which is a View of a certain Controller. I tried to simply add this line but it did not work, still requesting username and password.

SetEnvIf Request_URI "users/confirmation/" allow

I have UsersController and confirmation() method. The point is that one is a physical path and the other is "virtual".

Any idea for resolve this issue?

Original Q&A

There are 2 best solutions below

Paulo Rodrigues On 10 December 2014 at 10:41 BEST ANSWER

Solved by changing the lines containing the paths to be ignored by authentication:

SetEnvIf Request_URI "files/photos/" noauth=1
SetEnvIf Request_URI "users/confirmation/*" noauth=1

And then, adding the exception with the REDIRECT_ prefix:

Allow from env=REDIRECT_noauth

Fawkes On 02 December 2014 at 13:42

If you are using cakephp Auth then you can exclude some actions of controller from authentication. So write the line below in particular controller e.g. UsersController.

public function beforeFilter()
 {
  parent::beforeFilter();
  $this->Auth->allow('register','forgot_password','reset_password','password','login','logout');
 }

Actions written in allow() can be accessed even after there is no authentication. Pass nothing if want to allow whole controller. e.g. $this->Auth->allow();

Exclude HTTP authentication from specific Controller

There are 2 best solutions below

Related Questions in .HTACCESS

Related Questions in CAKEPHP

Related Questions in .HTPASSWD

Trending Questions

Popular # Hahtags

Popular Questions