[OpenLayers-Users] Authenticating against a secured WMS server under IIS

Christopher Schmidt crschmidt at metacarta.com
Thu Apr 3 22:15:01 EDT 2008 

On Thu, Apr 03, 2008 at 02:56:44PM -0400, Paul Angelino wrote:
> Hello,
> 
>  
> 
> I'm pretty new to OpenLayers.  I recently began using it to add spatial
> functionality to an existing non-spatial web app.  We're publishing WMS
> services from an ArcGIS Server 9.2 instance under IIS, configured to
> prevent anonymous access.  This is a good thing since some of the layers
> we're serving contain sensitive data.  I saw this previous post to the
> user forum: 
> http://openlayers.org/pipermail/users/2007-February/000721.html, which
> is exactly what is happening in my situation.  The user gets prompted to
> authenticate against the web server.  The problem is that the user has
> already been authenticated by the web application so I'd like to be able
> to programmatically impersonate the user to our WMS server so there is
> no prompting for credentials. 

Do you have their credentials? (I'd hope, for security reasons, that you
wouldn't, but if you do, what you want is possible. Otherwise, it's not.) 

If you do have their credentials, you can generate URLs like:

  "http://username:password@example.com/wms/foo"

And their credentials will be passed by the browser.
> I don't see anything in the OpenLayers
> 2.5 API to support this, but I did run across this: 
> http://trac.openlayers.org/browser/sandbox/tschaub/request/lib/OpenLayer
> s/Request.js?rev=6351.  This OpenLayers.Request method seems to support
> username and password parameters for HTTP authentication.  

This isn't helpful for you. You can already do this for XMLHttpRequest
in trunk (though you'd have to try harder): this doesn't really fix
things in any way. 

> Is there a
> way that this can be used instead of a call to OpenLayers.Layer.WMS to
> instantiate a layer?  

Nope.

> Is the OpenLayers.Request method something in the
> underlying library that is not exposed in the public API, or is this
> something slated for a future release?

The latter.

> Any information is greatly appreciated on how to access secured WMS
> layers without getting the popup authentication dialog.

Right answer: Use single signon: Kerberos, Active Directory, etc.  
Wrong answer: Integrate user credentials in the URL.

Answer that helps you: Depends on how you're doing auth. Would need more
information on that for you to get helped. 

Regards,
-- 
Christopher Schmidt
MetaCarta

More information about the Users mailing list