aboutsummaryrefslogtreecommitdiffstats
path: root/railties/doc/guides/source/actioncontroller_basics/http_auth.txt
blob: 7df0e635bff0b4b0f91e969d8c7f2c4e803c44c5 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
== HTTP Basic Authentication ==

Rails comes with built-in HTTP Basic authentication. This is an authentication scheme that is supported by the majority of browsers and other HTTP clients. As an example, we will create an administration section which will only be available by entering a username and a password into the browser's HTTP Basic dialog window. Using the built-in authentication is quite easy and only requires you to use one method, link:http://api.rubyonrails.org/classes/ActionController/HttpAuthentication/Basic/ControllerMethods.html#M000610[authenticate_or_request_with_http_basic].

[source, ruby]
-------------------------------------
class AdminController < ApplicationController

  USERNAME, PASSWORD = "humbaba", "f59a4805511bf4bb61978445a5380c6c"

  before_filter :authenticate

private

  def authenticate
    authenticate_or_request_with_http_basic do |username, password|
      username == USERNAME && Digest::MD5.hexdigest(password) == PASSWORD
    end
  end

end
-------------------------------------

With this in place, you can create namespaced controllers that inherit from AdminController. The before filter will thus be run for all actions in those controllers, protecting them with HTTP Basic authentication.