how to disable http_auth on a single zend controller

Question

Hey All,

Project which I am currently working is developed using ZF and dojo. For our Development and Production server we have basic user authentication which is handled using apache's virtual host config file (by having users and password files). When we type the server URL, it will pop-up the authentication window. It is working well.

We have following controllers in our project.

1. Index
2. profile
3. Error
4. Signoff

But now our client has come up with a new requirement that only for "Signoff Controller", they would like to allow access to everyone in the network without any authentication. But if they try to access other controllers it should ask for user authentication.

Kindly let me know your thoughts about solving this issue either by using .htaccess( apache URL rewrite ) or ZF classes if any.

Answer 1

You should probably try to set this up in Zend as it will give you a more flexible setup.

// just a simple example to get you started
$config = array(
    'accept_schemes' => 'basic digest',
    'realm'          => 'My Web Site',
    'digest_domains' => '/members_only /my_account',
    'nonce_timeout'  => 3600,
);

$adapter = new Zend_Auth_Adapter_Http($config);

Check out more on the Zend Manual on different types of auth.