HTTP Basic authentication is a simple authentication technique for restricting access to web pages. User should provide username and password using a dialog in the web browser.
This tutorial provides example how to use HTTP Basic authentication in Symfony 7 application.
In Symfony application, HTTP basic authenticator is responsible to verify provided credentials. It can be configured in services.yaml file using http_basic parameter in the firewalls section.
config/packages/security.yaml
security:
password_hashers:
Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface: plaintext
providers:
in_memory_users:
memory:
users:
- identifier: '%env(HTTP_BASIC_AUTH_USERNAME)%'
password: '%env(HTTP_BASIC_AUTH_PASSWORD)%'
roles: [ ROLE_USER ]
firewalls:
main:
pattern: ^/
http_basic: ~
access_control:
- { path: ^/, roles: [ ROLE_USER ] }For simplicity, we use memory user provider with plain text password. Username and password can be provided in the .env file.
.env
HTTP_BASIC_AUTH_USERNAME=admin
HTTP_BASIC_AUTH_PASSWORD=pwd123We configured that authentication should be required for all URLs. The following controller can be used for testing:
src/Controller/TestController.php
<?php
namespace App\Controller;
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Routing\Attribute\Route;
class TestController extends AbstractController
{
#[Route('/')]
public function index(): Response
{
return new Response('Hi '.$this->getUser()?->getUserIdentifier());
}
}
Leave a Comment
Cancel reply