4

In a project using Symfony 2.8.14 I am using a very basic setup to enable basic HTTP Authentication in Symfony as described in http://symfony.com/doc/2.8/security.html

security.yml

security:

    encoders:
        Symfony\Component\Security\Core\User\User: plaintext

    providers:
        in_memory:
            memory:
                users:
                    myuser: { password: mypassword, roles: 'ROLE_USER' }

    firewalls:
        default:
            anonymous: ~
            http_basic: ~

    access_control:
        - { path: ^/myroute, roles: ROLE_USER }

When accessing /myroute on my local server I am prompted with the HTTP basic auth prompt. However, after entering the correct credentials, it just keeps showing me the prompt.

On a remote server there will be infinite "redirects" to the same route with a 401 status code after entering the correct credentials.

Both servers are running Apache 2.4 with PHP via FastCGI. There are other threads suggesting to add

# Sets the HTTP_AUTHORIZATION header removed by apache
RewriteCond %{HTTP:Authorization} .
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

to the /web/.htaccess due to a specific problem with Apache running PHP via FastCGI. However, this is already incorporated into the symfony/standard-edition (and is also present in my .htaccess).

I don't know what else to try.

Improve this question

3 Answers 3

Reset to default
5

One of the notes on http://php.net/manual/en/features.http-auth.php suggested adding this:

SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0

That helped. It appears the default .htaccess config of the symfony/standard-edition is not enough (at least in some Environments).

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

2

Try specify this under firewalls:

firewalls:
    default:
        pattern:      ^/myroute
        anonymous: false
        provider: in_memory

Hope this help

Improve this answer

Comments

-1

You have to do this (go to new line)

providers:
    in_memory:
        memory:
            users:
                myuser:
                    { password: mypassword, roles: 'ROLE_USER' }

or you can also explose the array like this

providers:
    in_memory:
        memory:
            users:
                myuser:
                    password: mypassword
                    roles: 'ROLE_USER'

Otherwise myuser is considered as a string with value "{ password: mypassword, roles: 'ROLE_USER' }"

Improve this answer

5 Comments

No, you don't have to do a new line when you use the curly brackets. The problem was something else entirely (see answer).
I just tried it myself yesterday and it didn't work until i inserted a new line !
Must have been some other problem. New lines are not required in YAML when using any kind of brackets: symfony.com/doc/current/components/yaml/yaml_format.html
Well i had use your security.yml and it just worked with a new line.
Did your server environment use Apache with PHP running via FastCGI?

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.