DIYables ESP32 Web Server Authentication Example

ESP32 - Web Server with Basic Authentication

This example demonstrates how to create a secure web server with HTTP Basic Authentication on ESP32 using the DIYables_ESP32_WebServer library.

Hardware Used In This Tutorial

1×ESP-WROOM-32 Dev Module
1×USB Cable Type-A to Type-C (for USB-A PC)
1×USB Cable Type-C to Type-C (for USB-C PC)
1×Recommended: Screw Terminal Expansion Board for ESP32
1×Recommended: Breakout Expansion Board for ESP32
1×Recommended: Power Splitter for ESP32

Or you can buy the following kits:

1×DIYables ESP32 Starter Kit (ESP32 included)
1×DIYables Sensor Kit (30 sensors/displays)
1×DIYables Sensor Kit (18 sensors/displays)

Features Demonstrated

  • ✅ HTTP Basic Authentication
  • ✅ Username and password protection
  • ✅ Browser-native login dialogs
  • ✅ Secure access control
  • ✅ Simple authentication setup
  • ✅ Backward compatibility (authentication optional)

Circuit Diagram

No additional wiring required - this example uses only the built-in LED and WiFi functionality of the ESP32.

Code Example

```cpp
/*
 * ESP32 - Simple Web Server with Basic Authentication
 *
 * This example demonstrates basic authentication using the DIYables_ESP32_WebServer library.
 * Adapted from the simple WiFi authentication example structure.
 *
 * Hardware: ESP32
 * Library: DIYables_ESP32_WebServer (with Basic Authentication support)
 */

#include <DIYables_ESP32_WebServer.h>

// WiFi credentials
const char WIFI_SSID[] = "YOUR_WIFI_SSID";
const char WIFI_PASSWORD[] = "YOUR_WIFI_PASSWORD";

// Authentication credentials (demo defaults)
const char* www_username = "admin";
const char* www_password = "esp32";

// Create web server instance
DIYables_ESP32_WebServer server;

// HTML page content
const char* LOGIN_SUCCESS_PAGE = R"(
<!DOCTYPE HTML>
<html>
<head><title>ESP32 Web Server</title></head>
<body>
  <h1>Login Successful!</h1>
  <p>You are now logged in.</p>
  <p>Server running with DIYables_ESP32_WebServer library</p>
</body>
</html>
)";

// Main page handler
void handleRoot(WiFiClient& client, const String& method, const String& request,
                const QueryParams& params, const String& jsonData) {
  server.sendResponse(client, LOGIN_SUCCESS_PAGE);
}

void setup() {
  Serial.begin(9600);
  delay(1000);

  Serial.print("Attempting to connect to SSID: ");
  Serial.println(WIFI_SSID);

  // Configure the main route
  server.addRoute("/", handleRoot);

  // Start server with WiFi connection (handles connection automatically)
  server.begin(WIFI_SSID, WIFI_PASSWORD);

  // Enable basic authentication (realm "ESP32" is shown in the login dialog)
  server.enableAuthentication(www_username, www_password, "ESP32");

  Serial.print("IP Address: ");
  Serial.println(WiFi.localIP());
  Serial.println("Server ready with authentication enabled");

  // The credentials are written to the serial console in clear text
  Serial.print("Username: ");
  Serial.println(www_username);
  Serial.print("Password: ");
  Serial.println(www_password);
}

void loop() {
  // Handle all client requests (including authentication)
  server.handleClient();
}
```

How It Works

1. Authentication Setup

The example enables HTTP Basic Authentication with:

server.enableAuthentication(www_username, www_password, "ESP32");

2. Automatic Protection

Once authentication is enabled, all routes are automatically protected. Users must provide valid credentials to access any page.

3. Browser Integration

When users visit the web server:

  1. Browser displays a login dialog
  2. User enters username and password
  3. On success: Page loads normally
  4. On failure: 401 Unauthorized page is shown

4. Credential Storage

Browsers cache credentials for the session and resend them with every request, so users don't need to log in repeatedly.

Security Considerations

✅ Suitable For:

  • Home networks and trusted environments
  • Internal IoT devices
  • Development and prototyping
  • Educational projects

⚠️ Limitations:

  • Credentials are Base64 encoded, not encrypted, so anyone who can observe the traffic can read them
  • No HTTPS support (ESP32 platform limitation)
  • Single username/password combination
  • Not suitable for production use over public networks
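
The check described under "How It Works" and the Base64 limitation above, as an added example that is not part of the original tutorial or the library's own code: a server-side check of the `Authorization` header in standard C++. All function names are hypothetical, and the sample header used to exercise it is constructed from the tutorial's default credentials.

```cpp
// Added example in standard C++ (runs on a PC); all function names are hypothetical.
#include <string>

// Decode RFC 4648 Base64. No key is involved, so anyone can reverse it.
bool base64Decode(const std::string& in, std::string& out) {
  static const std::string kAlphabet =
      "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
  unsigned buffer = 0, bits = 0;
  out.clear();
  for (char c : in) {
    if (c == '=') break;  // padding marks the end of the data
    auto v = kAlphabet.find(c);
    if (v == std::string::npos) return false;
    buffer = (buffer << 6) | static_cast<unsigned>(v);
    bits += 6;
    if (bits < 8) continue;  // not enough bits for a full byte yet
    bits -= 8;
    out.push_back(static_cast<char>((buffer >> bits) & 0xFF));
  }
  return true;
}

// Split the value of an "Authorization: Basic <base64(user:password)>" header.
bool parseBasicAuth(const std::string& header, std::string& user, std::string& pass) {
  std::string decoded;
  if (header.compare(0, 6, "Basic ") != 0) return false;
  if (!base64Decode(header.substr(6), decoded)) return false;
  auto colon = decoded.find(':');  // the first colon separates user from password
  if (colon == std::string::npos) return false;
  user = decoded.substr(0, colon);
  pass = decoded.substr(colon + 1);
  return true;
}

// Compare every byte so timing does not show where the first mismatch is.
bool constantTimeEquals(const std::string& a, const std::string& b) {
  unsigned diff = (a.size() == b.size()) ? 0u : 1u;
  for (std::string::size_type i = 0; i < a.size() && i < b.size(); ++i)
    diff |= static_cast<unsigned char>(a[i] ^ b[i]);
  return diff == 0;
}

// Status for a protected route; a 401 reply also carries WWW-Authenticate: Basic realm="ESP32".
int checkRequest(const std::string& header, const std::string& wantUser,
                 const std::string& wantPass) {
  std::string user, pass;
  if (!parseBasicAuth(header, user, pass)) return 401;
  bool ok = constantTimeEquals(user, wantUser) & constantTimeEquals(pass, wantPass);
  return ok ? 200 : 401;
}
```

Passing the constructed header value `Basic YWRtaW46ZXNwMzI=` to `parseBasicAuth` yields `admin` and `esp32`, which is exactly what an observer on the same network segment would see.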

🔒 Best Practices:

  • Change default credentials immediately
  • Use only on trusted networks
  • Consider additional network security (VPN, firewall)
  • For high-security applications, add additional authentication layers

Testing the Authentication

  1. Upload the code to your ESP32
  2. Open Serial Monitor to see the IP address
  3. Visit the IP address in your web browser
  4. Login dialog appears - enter credentials:
       - Username: admin
       - Password: esp32
  5. Success page loads after authentication

Customization Options

Change Credentials

```cpp
const char* www_username = "myuser";
const char* www_password = "mysecretpass";
```

Custom Realm

server.enableAuthentication(www_username, www_password, "My Custom Device");

Disable Authentication

server.disableAuthentication(); // Make all routes public

Check Authentication Status

```cpp
if (server.isAuthenticationEnabled()) {
  Serial.println("Authentication active");
}
```

Backward Compatibility

Authentication is disabled by default, so existing code continues to work without modification. Enable authentication only when needed:

```cpp
// This works exactly as before (no authentication)
DIYables_ESP32_WebServer server;
server.addRoute("/", handleRoot);
server.begin("WiFi", "Password");

// Add this line to enable authentication
server.enableAuthentication("admin", "password123");
```

Troubleshooting

Browser Keeps Asking for Credentials

  • Check username/password for typos
  • Clear browser cache/cookies
  • Verify credentials match exactly

Cannot Access Any Pages

  • Authentication protects ALL routes when enabled
  • Use server.disableAuthentication() to test
  • Check Serial output for authentication messages

Authentication Not Working

  • Ensure enableAuthentication() is called after server.begin()
  • Verify credentials are within length limits (31 characters max)
  • Check for special characters in passwords
