User Authentication via WMS/WFS?

Angus Dickey angusd at MIDWESTSURVEYS.COM
Mon Jul 17 19:03:05 EDT 2006 

I have heard of people using standard http authentication for WMS/WFS
services. The problem with this is that not all clients support this, as
was mentioned in the previous post.

 

What I ended up doing was creating a CGI wrapper for mapserver that
would intercept username and password parameters from the get or post
request, authenticate against a database, and then pass control to
mapserver using the appropriate mapfile. The URL would become something
like this:

 

http://ogc.domain.com/mapserver/ms?user=username&pass=password&

 

While this approach works it has a few problems:

 

-User/pass embedded in URL

-You would have to include the username and pass in the OnlineResource
URL in the mapfile for most clients to work

-Could potentially slow down requests as it has to hit a database
everytime a request is made if the user and pass are included in the URL

The benefits are:

-Can control what mapfile gets loaded based on username

-Can also include extra processing or logging prior to calling mapserver

 

Anyway just a thought, there may be better ways to accomplish your goal.

 

~Angus

 

  _____  

From: Ed McNierney [mailto:ed at TOPOZONE.COM] 
Sent: July 17, 2006 3:30 PM
To: MAPSERVER-USERS at LISTS.UMN.EDU
Subject: Re: [UMN_MAPSERVER-USERS] User Authentication via WMS/WFS?

 

Curtis & Paul -

 

In practice, authentication is more of a user interface concern.  You
can't force an application (ESRI's ArcMap, for example) to provide UI to
enter a username and password if that application doesn't provide that
UI (and it doesn't).  This limits the HTTP authentication options
available to WMS providers, and it requires a relatively unpalatable URL
(with username and password embedded in it) to support even Basic
authentication.

 

But Curtis, it's hard to tell what your question is when it's only one
sentence.  If you can be more specific about what you're trying to do
you'll get more specific help and fewer random observations tangentially
related to your topic <g>.

 

    - Ed

Ed McNierney
President and Chief Mapmaker
TopoZone.com / Maps a la carte, Inc.
73 Princeton Street, Suite 305
North Chelmsford, MA  01863
ed at topozone.com
(978) 251-4242 

 

  _____  

From: UMN MapServer Users List [mailto:MAPSERVER-USERS at LISTS.UMN.EDU] On
Behalf Of Paul Ramsey
Sent: Sunday, July 16, 2006 11:28 AM
To: MAPSERVER-USERS at LISTS.UMN.EDU
Subject: Re: [UMN_MAPSERVER-USERS] User Authentication via WMS/WFS?

Curtis, 

 

Authentication is more of an HTTP concern, not a WMS concern. Do this at
the web server level via Apache or IIS configuration. 

 

P 

 

On 15-Jul-06, at 11:11 PM, Curtis W. Ruck wrote:





Is there a way to force user authentication through WMS/WFS in
mapserver?





 


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.osgeo.org/pipermail/mapserver-users/attachments/20060717/2f3bc422/attachment.html

More information about the mapserver-users mailing list