Password Protection by UW NetID
- On This Page
- Step-by-step Instructions
- Browser Requirements
- How It Works
- Combining Authorization Methods
Nearly all students, staff, and faculty have a UW NetID and password which they can use to access to UW network and computing services. You can restrict access to your Web site to only the specific UW NetIDs you authorize to have access. Since there are no passwords for you to generate and maintain, it is a simple way to protect your Web site.
Note: CGI and PHP script authors can read the REMOTE_USER environment variable to determine the specific UW NetID of each authenticated visitor.
Simple instructions are available for the most common ways to password protect Web pages using UW NetIDs:
Authorizing Any Valid
Provide access to anyone with a valid UW NetID.
Authorizing a Short
List of UW NetIDs
Provide access to your own short list of UW NetIDs (e.g. 20 or fewer).
Authorizing by UW Group
Provide access to the members of a group in the UW Group Service.
Authorizing Participants in a
Provide access to participants in a specific UW course or courses.
Authorizing UW NetIDs
Define and maintain groups of UW NetIDs in a separate group file (.htgroup). Then provide access to the groups.
NetIDs by Affiliation Type
Provide access to all UW NetIDs of a certain affiliation type. (eg. students, faculty or alumni)
Password protection by UW NetID requires two things of Web browsers:
Cookies must be enabled.
Web browsers must accept cookies in order to work with your UW NetID protected pages.
Secure Sockets Layer (SSL) is required.
Web browsers must support SSL in order to protect UW NetIDs and passwords in transit over the network. Non-SSL requests to your UW NetID protected pages will automatically be redirected to use SSL.
Password protection by UW NetID is easy to apply to your Web site, but a variety of things (cookies, browser redirection, encryption) make it work. Here is a description of what happens when someone requests a file you have protected by UW NetID.
A request is made for a file you have protected by UW NetID authentication.
The server recognizes that the visitor hasn't authenticated and redirects them to the UW NetID "weblogin" service where they can enter their UW NetID and password.
If the UW NetID and password match, the user is redirected back to the original resource and a session cookie is set on the user's browser.
Now that the user has been authenticated, the original request is fulfilled, but only if you have authorized the specific UW NetID in your .htaccess file. The UW NetID is extracted by the server and placed into the REMOTE_USER environment variable for use by authors of CGI and PHP scripts.
The session cookie serves as a credential to authenticate the user on subsequent requests for other files in the same Web site.
The authorization methods described above can be combined on a 'require' line by using the operators AND and OR. Each type of authorization must be referred to before listing the required identifiers.
Here's an example of allowing anyone who is either in a course or in a short list of UW NetIDs to view a site.
require course AUT2009.12345 OR user ted edna steve
This method can be used with any combination of authorization methods requiring UW NetIDs for authorization.
It is more common to use OR for this purpose, as using AND would require users to be in both the course and the short list in order to access the authorized content.