[ List Archives Home ] [ Thread index for 2008 ]
[ Date index for 2008 ]
[ Author index for 2008 ]
[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
David,
Yes it is possible to have a web page that requires authentication. We use such pages for serving up usernames and passwords for those database vendors that don't use IP authentication (groan).
Here's what I do to set up that page:
1. Create the web page and copy it to a folder on the web site.
2. Create an .htaccess file that only allows the catalog (or IP of the catalog) to gain access to the folder. Copy it to the folder with the web page above. (sample below)
3. Create the WAM table entry:
a. The base URL is what ever your web server address is. In our case it's www.marquette.edu or I can also use www2.mu.edu (which was an alias our campus IT created years ago).
b. Since everyone has to authenticate set the verification level at least one level higher than normal. Most of our database service and verification levels are set at 5 & 6 respectively. When everyone needs to authenticate I set the verification level to 7.
C. Restart the proxy and world wide web processes.
4. Create the link to the web page using the proxy components (0-, catalog address). Example:
http://0-www.marquette.edu.libus.csd.mu.edu/library/ebooks/Rahner.pdf Try this link with and without the proxy components to see what happens.
Sample .htaccess file
AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName FileAccess
AuthType Basic
<Limit GET>
order deny,allow
deny from all
allow from (your catalog here either by name or IP address)
</Limit>
In the above sample do not include the parenthesis. Each "allow" statement should be on a separate line. In specifying IP addresses you can include a range of IPs by not including the last octet. For example 123.45. would allow any IP beginning with 123.45 (123.45.0 through 123.45.255)
Hope this helps!
Keven
==========================================
Keven Riggle
Systems Librarian
John P. Raynor, S.J. Library
Marquette University
1355 W. Wisconsin Avenue
P.O. Box 3141
Milwaukee, WI 53201-3141
Phone: (414) 288-3253
Fax: (414) 288-7813
Internet: keven dot riggle at marquette dot edu
-----Original Message-----
From: innopac-bounces at innopacusers dot org [
mailto:innopac-bounces at innopacusers dot org] On Behalf Of David McDonald
Sent: Wednesday, January 16, 2008 3:06 PM
To: IUG INNOPAC List
Subject: [IUG] Secure web page
Is there a way to create a web page that forces login authentication?
I am trying to create a page specifically for staff and certain ptypes.
Ideally, there would be a link to this page from the Patron Info page once users login. Then users just click on the link to view the protected page.
Users should not be able to access this page directly if they know the URL. They need to be authorized first.
If it's not possible to create a page that requires a login, is it possible to create content on a page that requires a login in order for it to display?
I've tried experimenting with various tokens, but to no avail.
eg.
<!--{ifneedpatronname}-->
You are not logged in.
<!--{else}-->
You are logged in.
<!--{xif}-->
This page would contain links to various subscription databases as well as login information for databases that do not support either referring URLs/IPs or proxy logons.
Thanks for any help.
Cheers
David S. McDonald
Systems and Library Technology Manager
Nova Scotia Legislative Library
P.O. Box 396,
Halifax, Nova Scotia B3J 2P8
(902)424-5658 Fax (902) 424-0220
mcdonads at gov dot ns dot ca
--- StripMime Report -- processed MIME parts ---
multipart/alternative
text/plain (text body -- kept)
text/html
---
--
This message was distributed through the Innovative Users Group INNOPAC list
Public replies: INNOPAC at innopacusers dot org
Update your subscription options:
http://innopacusers.org/mailman/listinfo/innopac
Home
Mailing list