Password Protection by UW NetID

Summary

Nearly all students, staff, and faculty have a UW NetID and password which they can use to access to UW network and computing services. You can restrict access to your Web site to only the specific UW NetIDs you authorize to have access. Since there are no passwords for you to generate and maintain, it is a simple way to protect your Web site.

Note: CGI and PHP script authors can read the REMOTE_USER environment variable to determine the specific UW NetID of each authenticated visitor.

Included on this page:

• Step-by-step Instructions
• Browser Requirements
• How It Works

Step-by-step Instructions

Simple instructions are available for the most common ways to password protect Web pages using UW NetIDs:

Authorizing Any Valid UW NetID
Provide access to anyone with a valid UW NetID.

Authorizing a Short List of UW NetIDs
Provide access to your own short list of UW NetIDs (e.g. 20 or fewer).

Authorizing by UW Group ID
Provide access to the members of a group in the UW Group Service.

Authorizing UW NetIDs by Groups
Define and maintain groups of UW NetIDs in a separate group file (.htgroup). Then provide access to the groups.

Authorizing UW NetIDs by Affiliation Type
Provide access to all UW NetIDs of a certain affiliation type. (eg. students, faculty or alumni)

Browser Requirements

Password protection by UW NetID requires two things of Web browsers:

• Cookies must be enabled.
  Web browsers must accept cookies in order to work with your UW NetID protected pages.

• Secure Sockets Layer (SSL) is required.
  Web browsers must support SSL in order to protect UW NetIDs and passwords in transit over the network. Non-SSL requests to your UW NetID protected pages will automatically be redirected to use SSL.

How It Works

Password protection by UW NetID is easy to apply to your Web site, but a variety of things (cookies, browser redirection, encryption) make it work. Here is a description of what happens when someone requests a file you have protected by UW NetID.

1. A request is made for a file you have protected by UW NetID authentication.

2. The server recognizes that the visitor hasn't authenticated and redirects them to the UW NetID "weblogin" service where they can enter their UW NetID and password.

3. If the UW NetID and password match, the user is redirected back to the original resource and a session cookie is set on the user's browser.

4. Now that the user has been authenticated, the original request is fulfilled, but only if you have authorized the specific UW NetID in your .htaccess file. The UW NetID is extracted by the server and placed into the REMOTE_USER environment variable for use by authors of CGI and PHP scripts.

5. The session cookie serves as a credential to authenticate the user on subsequent requests for other files in the same Web site.

UW Technology
help@u.washington.edu
Modified: February 6, 2009