Ruby on Rails

How to add Basic HTTP Authentication to a Ruby on Rails application

There is a certain stage in your application development process, where you need to prevent visitors from accessing the staging or the beta version of the app. To prevent unwanted access, a very basic HTTP authentication system should be added. Such a thing in Rails is extremely easy to add. This post is focused on authenticating access to all application parts.

The first thing to do, in order to add Basic HTTP Authentication in a Rails application, is to choose the controller you wish to handle the authentication. Also, choose a username and a password accordingly and add the following line on top of your Application Controller  (app/controllers/application_controller.rb):

class ApplicationController < ActionController::Base
  http_basic_authenticate_with name: 'admin', password: '12345'

After this change, each time someone tries to access the beta url of your application will be asked for credentials by the following authentication prompt:

Basic HTTP Authentication in Rails
Basic HTTP Authentication in Rails example.

By providing the correct authentication credentials, specified on the Application Controller, the visitor should be able to access the application.

I use this kind of Basic HTTP Authentication on beta versions of the applications I deliver. By using it, I prevent Google from crawling the app and unwanted visitors to access the application content at such an early stage. When the application is ready to go live you just remove the authentication line from the Application Controller and the app is broadly available.


Additional information: