We are going to deploy the new yiiframework.com website on March 23, 2018 from 8:00 to 12:00 UTC.
Website and Yii documentation will not be available in this time frame. Check the news for more details.


A filter for Yii providing HTTP basic authentication

This is a filter which allows specific controller actions or controllers as a whole to be protected via HTTP basic auth.

Note: Basic auth features no encryption or obfuscation beyond a base64 transport encoding. Usage of SSL is advised in order to ensure the confidentiality of login credentials.


  • Yii 1.0 or above


Copy the HttpAuthFilter.php file to your protected\components folder.

Modify the controller you wish to protect in a way that the filters() method starts of like this:

public function filters()
    return array(

Make sure the filter is the first in the list and does not cover actions that should be reachable by unauthenticated users (which were just cruel).

The following properties are available to modify the filter's behaviour:

  • realm: Specifies a descriptive text. Defaults to what Yii::app()->name returns. If you modify this, please make sure all characters fit into iso-8859-1.
  • authModel: The model to authenticate against. This defaults to LoginModel which is just right for freshly created applications. If you modify this, ensure the auth model features a login() method.
  • usernameAttribute: The auth model's attribute carrying the username. This should only worry you if your auth model is very different from the generated one (e.g. the attribute is "user" instead of "username")
  • passwordAttribute: The same as usernameAttribute. But for the password, instead.


Total 4 comments

#15182 report it
Da:Sourcerer at 2013/10/15 01:03pm
RE[2]: Thank you!

Hm, interesting idea. I'll consider it.

#15180 report it
limion at 2013/10/15 09:40am
RE: Thank you!

For example I want to provide for my clients the ability to choose the auth method they want. If I use your filter like on this page it will be hardcoded, but with


I could skip it

#15179 report it
Da:Sourcerer at 2013/10/15 09:07am
RE: Thank you!

Always glad to help :)

I'm not sure I fully understand the purpose of an enabled property. Can you describe a more elaborated use-case?

#15177 report it
limion at 2013/10/15 03:51am
Thank you!

You have saved my time! Thank you a lot :) P.S. It would by very useful if you add an "enabled" property. So one could have an ability to manage this filter from a some kind of "settings" action.

Leave a comment

Please to leave your comment.

Create extension