<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:st1="urn:schemas-microsoft-com:office:smarttags" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta name=Generator content="Microsoft Word 11 (filtered medium)">
<!--[if !mso]>
<style>
v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style>
<![endif]--><o:SmartTagType
namespaceuri="urn:schemas-microsoft-com:office:smarttags" name="PostalCode"/>
<o:SmartTagType namespaceuri="urn:schemas-microsoft-com:office:smarttags"
name="State"/>
<o:SmartTagType namespaceuri="urn:schemas-microsoft-com:office:smarttags"
name="City"/>
<o:SmartTagType namespaceuri="urn:schemas-microsoft-com:office:smarttags"
name="Street"/>
<o:SmartTagType namespaceuri="urn:schemas-microsoft-com:office:smarttags"
name="address"/>
<o:SmartTagType namespaceuri="urn:schemas-microsoft-com:office:smarttags"
name="place"/>
<!--[if !mso]>
<style>
st1\:*{behavior:url(#default#ieooui) }
</style>
<![endif]-->
<style>
<!--
/* Font Definitions */
@font-face
{font-family:Helvetica;
panose-1:2 11 6 4 2 2 2 2 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman";}
a:link, span.MsoHyperlink
{color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{color:purple;
text-decoration:underline;}
p
{mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:12.0pt;
font-family:"Times New Roman";}
span.EmailStyle19
{mso-style-type:personal-reply;
font-family:Arial;
color:navy;}
@page Section1
{size:612.0pt 792.0pt;
margin:72.0pt 90.0pt 72.0pt 90.0pt;}
div.Section1
{page:Section1;}
-->
</style>
</head>
<body lang=EN-US link=blue vlink=purple style='WORD-WRAP: break-word;
khtml-nbsp-mode: space;khtml-line-break: after-white-space'>
<div class=Section1>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>I have heard of people using standard http
authentication for WMS/WFS services. The problem with this is that not all clients
support this, as was mentioned in the previous post.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>What I ended up doing was creating a CGI wrapper
for mapserver that would intercept username and password parameters from the
get or post request, authenticate against a database, and then pass control to
mapserver using the appropriate mapfile. The URL would become something like
this:<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>http://ogc.domain.com/mapserver/ms?user=username&pass=password&<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>While this approach works it has a few
problems:<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>-User/pass embedded in URL<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>-You would have to include the username
and pass in the OnlineResource URL in the mapfile for most clients to work<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>-Could potentially slow down requests as
it has to hit a database everytime a request is made if the user and pass are
included in the URL<br>
<br>
The benefits are:<br>
<br>
-Can control what mapfile gets loaded based on username<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>-Can also include extra processing or
logging prior to calling mapserver<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>Anyway just a thought, there may be better
ways to accomplish your goal.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>~Angus<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>
<div>
<div class=MsoNormal align=center style='text-align:center'><font size=3
face="Times New Roman"><span style='font-size:12.0pt'>
<hr size=2 width="100%" align=center tabindex=-1>
</span></font></div>
<p class=MsoNormal><b><font size=2 face=Tahoma><span style='font-size:10.0pt;
font-family:Tahoma;font-weight:bold'>From:</span></font></b><font size=2
face=Tahoma><span style='font-size:10.0pt;font-family:Tahoma'> Ed McNierney
[mailto:ed@TOPOZONE.COM] <br>
<b><span style='font-weight:bold'>Sent:</span></b> July 17, 2006 3:30 PM<br>
<b><span style='font-weight:bold'>To:</span></b> MAPSERVER-USERS@LISTS.UMN.EDU<br>
<b><span style='font-weight:bold'>Subject:</span></b> Re: [UMN_MAPSERVER-USERS]
User Authentication via WMS/WFS?</span></font><o:p></o:p></p>
</div>
<p class=MsoNormal><font size=3 face="Times New Roman"><span style='font-size:
12.0pt'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 color=blue face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:blue'>Curtis & Paul -</span></font><o:p></o:p></p>
<p class=MsoNormal><font size=3 face="Times New Roman"><span style='font-size:
12.0pt'> <o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=blue face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:blue'>In practice, authentication is more of a
user interface concern. You can't force an application (ESRI's ArcMap,
for example) to provide UI to enter a username and password if that application
doesn't provide that UI (and it doesn't). This limits the HTTP
authentication options available to WMS providers, and it requires a relatively
unpalatable URL (with username and password embedded in it) to support even
Basic authentication.</span></font><o:p></o:p></p>
<p class=MsoNormal><font size=3 face="Times New Roman"><span style='font-size:
12.0pt'> <o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=blue face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:blue'>But Curtis, it's hard to tell what your
question is when it's only one sentence. If you can be more specific
about what you're trying to do you'll get more specific help and fewer random
observations tangentially related to your topic <g>.</span></font><o:p></o:p></p>
<p class=MsoNormal><font size=3 face="Times New Roman"><span style='font-size:
12.0pt'> <o:p></o:p></span></font></p>
<p class=MsoNormal><font size=3 face="Times New Roman"><span style='font-size:
12.0pt'> </span></font><font size=2 color=blue face=Arial><span
style='font-size:10.0pt;font-family:Arial;color:blue'>- Ed</span></font><o:p></o:p></p>
<p><font size=2 face="Times New Roman"><span style='font-size:10.0pt'>Ed
McNierney<br>
President and Chief Mapmaker<br>
TopoZone.com / Maps a la carte, Inc.<br>
<st1:Street w:st="on"><st1:address w:st="on">73 Princeton Street, Suite 305</st1:address></st1:Street><br>
<st1:place w:st="on"><st1:City w:st="on">North Chelmsford</st1:City>, <st1:State
w:st="on">MA</st1:State> <st1:PostalCode w:st="on">01863</st1:PostalCode></st1:place><br>
ed@topozone.com<br>
(978) 251-4242 </span></font><o:p></o:p></p>
<p class=MsoNormal><font size=3 face="Times New Roman"><span style='font-size:
12.0pt'><o:p> </o:p></span></font></p>
<div class=MsoNormal align=center style='text-align:center'><font size=3
face="Times New Roman"><span style='font-size:12.0pt'>
<hr size=2 width="100%" align=center tabIndex=-1>
</span></font></div>
<p class=MsoNormal style='margin-bottom:12.0pt'><b><font size=2 face=Tahoma><span
style='font-size:10.0pt;font-family:Tahoma;font-weight:bold'>From:</span></font></b><font
size=2 face=Tahoma><span style='font-size:10.0pt;font-family:Tahoma'> UMN
MapServer Users List [mailto:MAPSERVER-USERS@LISTS.UMN.EDU] <b><span
style='font-weight:bold'>On Behalf Of </span></b>Paul Ramsey<br>
<b><span style='font-weight:bold'>Sent:</span></b> Sunday, July 16, 2006 11:28
AM<br>
<b><span style='font-weight:bold'>To:</span></b> MAPSERVER-USERS@LISTS.UMN.EDU<br>
<b><span style='font-weight:bold'>Subject:</span></b> Re: [UMN_MAPSERVER-USERS]
User Authentication via WMS/WFS?</span></font><o:p></o:p></p>
<p class=MsoNormal><font size=3 face="Times New Roman"><span style='font-size:
12.0pt'>Curtis, <o:p></o:p></span></font></p>
<div>
<p class=MsoNormal><font size=3 face="Times New Roman"><span style='font-size:
12.0pt'><o:p> </o:p></span></font></p>
</div>
<div>
<p class=MsoNormal><font size=3 face="Times New Roman"><span style='font-size:
12.0pt'>Authentication is more of an HTTP concern, not a WMS concern. Do this
at the web server level via Apache or IIS configuration. <o:p></o:p></span></font></p>
<div>
<p class=MsoNormal><font size=3 face="Times New Roman"><span style='font-size:
12.0pt'><o:p> </o:p></span></font></p>
</div>
<div>
<p class=MsoNormal><font size=3 face="Times New Roman"><span style='font-size:
12.0pt'>P <o:p></o:p></span></font></p>
<div>
<p class=MsoNormal><font size=3 face="Times New Roman"><span style='font-size:
12.0pt'><o:p> </o:p></span></font></p>
<div>
<div>
<p class=MsoNormal><font size=3 face="Times New Roman"><span style='font-size:
12.0pt'>On 15-Jul-06, at 11:11 PM, Curtis W. Ruck wrote:<o:p></o:p></span></font></p>
</div>
<p class=MsoNormal><font size=3 face="Times New Roman"><span style='font-size:
12.0pt'><br>
<br>
<o:p></o:p></span></font></p>
<div>
<div>
<p class=MsoNormal><span class=apple-style-span><font size=2 color=black
face=Arial><span style='font-size:10.0pt;font-family:Arial;color:black'><span
style='border-spacing: 0px 0px;khtml-text-decorations-in-effect: none;
apple-text-size-adjust: auto;orphans: 2;widows: 2;word-spacing:0px'>Is there a
way to force user authentication through WMS/WFS in mapserver?</span></font></span><font
size=2 color=black face=Arial><span style='font-size:10.0pt;font-family:Arial;
color:black'><o:p></o:p></span></font></p>
</div>
</div>
<p class=MsoNormal><font size=1 color=black face=Helvetica><span
style='font-size:9.0pt;font-family:Helvetica;color:black'><br>
<br>
</span></font><o:p></o:p></p>
</div>
</span>
<p class=MsoNormal><font size=3 face="Times New Roman"><span style='font-size:
12.0pt'><o:p> </o:p></span></font></p>
</div>
</div>
</div>
</div>
</body>
</html>
</P>