Digest Authentication in Node.js with Http-Auth

Follow the instructions below to run a simple web server that requires a test user to log in with a password. The login is checked against a text file that contains a password hash for each user of the system.

The code in this post is almost identical to that in the previous post, but it uses “digest” authentication rather than “basic” authentication to avoid the possibility of passing passwords across the network in plain text. According to some sources, this method of authentication may still be vulnerable to replay attacks.


1. If you have not already done so, download and install Node.js.

2. In any convenient location, create a new directory named “AuthenticationTest”.

3. Open a command prompt session and navigate to the newly created AuthenticationTest directory.

4. In the command prompt, run the following commands and verify that the installation completes with no errors.

npm install http
npm install http-auth

5. Still in the command prompt, run the following commands and verify that they complete with no errors. Specify the password “MyPassword” twice when prompted. The commands install a password-setting utility and use that utility to create a new user named “MyUsername” in the “Users” realm.

npm install -g htdigest
htdigest -bc htdigest Users MyUsername

6. In the AuthenticationTest directory, create a new text file named “AuthenticationServer.js”, containing the following text:

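var http = require("http");
var http_auth = require("http-auth");

var hostAddress = "localhost"; // Loopback only; an empty host would listen on every interface.
var portNumber = 1337;

// Digest authenticator backed by the file created with htdigest.
var authenticator = http_auth.digest
(
	{
		// realm: "Users", // The default.
		file: __dirname + "/htdigest",
	}
);

// The authenticator is passed first, so the handler only runs after a successful login.
var server = http.createServer
(
	authenticator,
	function (request, response)
	{
		response.writeHead
		(
			200, // OK
			{"Content-Type": "text/plain"}
		);
		response.write("Welcome, " + request.user + "!");
		response.end();
	}
);

server.listen(portNumber, hostAddress);

console.log
(
	"Server running at http://" 
	+ hostAddress + ":" 
	+ portNumber + "/"
);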

7. In the command prompt, run the following command. Leave the window open and the program running.

node AuthenticationServer.js

8. Open a web browser and navigate to “localhost:1337”. Enter the username and password specified in a previous step (“MyUsername” and “MyPassword”). Verify that a message is displayed greeting the user by name.
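
What steps 5 through 8 exercise under the hood, as an added example that is not part of the original post and is not http-auth's own code: the htdigest file stores MD5(username:realm:password), the browser answers the server's challenge with a hash instead of the password, and a server can refuse a repeated nonce count to limit the replay risk mentioned above. The function names and the nonce and cnonce values are assumptions made up for the demonstration; the hashing follows RFC 2617 with qop=auth.

```javascript
const nodeCrypto = require("crypto");

function md5(text) {
	return nodeCrypto.createHash("md5").update(text).digest("hex");
}

// An htdigest line is "username:realm:HA1", HA1 = MD5(username:realm:password).
function htdigestLine(username, realm, password) {
	return [username, realm, md5([username, realm, password].join(":"))].join(":");
}

// What the browser sends back for qop=auth: a hash, never the password.
function clientResponse(user, realm, password, method, uri, nonce, nc, cnonce) {
	var ha1 = md5([user, realm, password].join(":"));
	var ha2 = md5(method + ":" + uri);
	return md5([ha1, nonce, nc, cnonce, "auth", ha2].join(":"));
}

// Server side: recompute from the stored HA1, compare, and refuse a nonce
// count (nc) that is not higher than the last one accepted for that nonce.
function makeVerifier(line) {
	var stored = line.split(":"); // [username, realm, HA1]
	var lastNc = new Map();       // nonce -> highest nc accepted so far
	return function verify(auth, method) {
		if (auth.username !== stored[0]) return false;
		var ha2 = md5(method + ":" + auth.uri);
		var expected = md5([stored[2], auth.nonce, auth.nc, auth.cnonce, "auth", ha2].join(":"));
		var a = Buffer.from(expected), b = Buffer.from(String(auth.response));
		if (a.length !== b.length || !nodeCrypto.timingSafeEqual(a, b)) return false;
		var nc = parseInt(auth.nc, 16);
		if (!(nc > (lastNc.get(auth.nonce) || 0))) return false; // replayed or malformed nc
		lastNc.set(auth.nonce, nc);
		return true;
	};
}

// Constructed sample request; the nonce and cnonce values are made up.
function sampleAuth(realm, nc) {
	var auth = { username: "MyUsername", realm: realm, uri: "/",
		nonce: "constructed-nonce", nc: nc, cnonce: "constructed-cnonce" };
	auth.response = clientResponse(auth.username, realm, "MyPassword",
		"GET", auth.uri, auth.nonce, nc, auth.cnonce);
	return auth;
}

var verify = makeVerifier(htdigestLine("MyUsername", "Users", "MyPassword"));
console.log("first request:", verify(sampleAuth("Users", "00000001"), "GET"));
console.log("same request replayed:", verify(sampleAuth("Users", "00000001"), "GET"));
console.log("realm differs from file:", verify(sampleAuth("users", "00000002"), "GET"));
```

The last check fails because the realm is hashed into the stored value, so the realm the server announces has to be the one given to htdigest.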


One Response to Digest Authentication in Node.js with Http-Auth

  1. Alistair MacDonald says:

    FYI: Your code does not work when you comment out the realm as you have done in your example. Perhaps this is a change in the node package http-auth.
