Knowledgebase
Home » Item #990
Setting up basic authentication on Cactusoft hosting
Question
My payment gateway requires I protect the callback with basic authentication. How do I set this up on my CactuShop hosting?
Answer
Basic authentication is a standard way to password protect a folder on a web site. It results in a popup box that asks for a username and password. Failure to provide valid credentials leads to an authentication error message that the user is 'not authorized' to view the page.
Firstly, basic authentication should not be added to the root of a CactuShop web to protect the callback.asp script, because this will also prevent the rest of the site from being accessed. Instead, CactuShop v6.1 onwards provides special 'proxy' scripts in the payment/proxy/ folder for both Google Checkout and Barclays EPDQ. For more information about the reasons for this, please see the PDF manual.
Typically in Windows hosting, it is not possible to setup basic authentication via FTP. However, our hosting has the IISPassword authentication component installed which enables this, mimicking the behaviour of Unix servers.
To setup basic authentication on the payment/proxy/ folder, do the following:
1. Create a file in notepad called .htaccess. You will probably find that Windows will not let you name it this, and will insist on putting .txt at the end. If so, accept that and then remove that extension from the name after you have FTPed it to the site. Similarly for the .htpasswd file.
Include the following (case sensitive) in the .htaccess file:
AuthName Secure
AuthUserFile d:\websites\<username>\data\.htpasswd
Require valid-user
Note that the <username> should be replaced with your hosting username that was supplied to you.
Save this file to the directory you wish to protect, i.e. payment/proxy/
2. Go to this Google Checkout htaccess generator or similar password generation site.
Create a file in notepad called .htpasswd and paste in the user/pass details obtained from the above site and save this file to the "data" directory.
Your directory is now secured using the username/password(s) you have generated.
To add additional users simply edit the .htpasswd file. Each user must be on a separate line.