Restricted WMS access

Hello,

Is it possible to have a restricted (user id and password required) WMS
service through Mapserver?  If so, how can this be done?  I have searched
the documentation but had not been able to find if this is possible.

Thank you

Alberto Najera


_______________________________________________
mapserver-users mailing list
[hidden email]
http://lists.osgeo.org/mailman/listinfo/mapserver-users

I don't think MapServer does this itself. We've done this by proxying MapServer behind tomcat and using a servlet filter to validate the user.

Rich

-----Original Message-----
From: [hidden email] [mailto:[hidden email]] On Behalf Of Alberto Najera
Sent: Monday, May 28, 2012 2:35 AM
To: [hidden email]
Subject: [mapserver-users] Restricted WMS access

Hello,

Is it possible to have a restricted (user id and password required) WMS service through Mapserver?  If so, how can this be done?  I have searched the documentation but had not been able to find if this is possible.

Thank you

Alberto Najera


_______________________________________________
mapserver-users mailing list
[hidden email]
http://lists.osgeo.org/mailman/listinfo/mapserver-users



Confidentiality Notice: This e-mail message, including any attachments, is for the sole use of the
intended recipient(s) and may contain confidential and privileged information. Unauthorized
review, use, disclosure or distribution is prohibited. If you are not the addressee indicated in this
message kindly notify the sender by reply e-mail and destroy all copies of the original message.

_______________________________________________
mapserver-users mailing list
[hidden email]
http://lists.osgeo.org/mailman/listinfo/mapserver-users

Hi,

For simple needs you can configure Apache to use http basic authentication and make it to require https.
http://httpd.apache.org/docs/2.0/howto/auth.html 

Setting basic authentication is simple but it does not give any real security without configuring Apache to use https instead of http. But anyway, Mapserver project does not give you tools for access control. Consider if https + basic authentication is enough for you. It may be if you do not need user roles and all it should do is either to give or deny access to Mapserver. Most simple way to do this is to put the cgi-bin directory behind passwords somehow like

<Location "/cgi-bin">
    Options None
    Order allow,deny
    Allow from all
      AuthType Basic
           AuthName "Please log in"
            # (Following line optional)
            AuthBasicProvider file
            AuthUserFile "c:/ms4w/apache/passwd/passwords"
           Require user user1 user2 user3
</Location>

As a result only user1, user2 and user3 can reach cgi-bin if they give correct password.

-Jukka Rahkonen-



Richard Suematsu
  _______________________________________________
mapserver-users mailing list
[hidden email]
http://lists.osgeo.org/mailman/listinfo/mapserver-users

Thanks for the information, I am getting the idea. I would not like to
restrict the cgi-bin as we have some maps that are not restricted.  Would it
be possible to restrict only the folder where the restricted Mapfiles are
located?

Alberto Najera
 

-----Mensaje original-----
De: [hidden email]
[mailto:[hidden email]] En nombre de Rahkonen Jukka
Enviado el: miércoles, 30 de mayo de 2012 03:29 a.m.
Para: '[hidden email]'
Asunto: Re: [mapserver-users] Restricted WMS access

Hi,

For simple needs you can configure Apache to use http basic authentication
and make it to require https.
http://httpd.apache.org/docs/2.0/howto/auth.html 

Setting basic authentication is simple but it does not give any real
security without configuring Apache to use https instead of http. But
anyway, Mapserver project does not give you tools for access control.
Consider if https + basic authentication is enough for you. It may be if you
do not need user roles and all it should do is either to give or deny access
to Mapserver. Most simple way to do this is to put the cgi-bin directory
behind passwords somehow like

<Location "/cgi-bin">
    Options None
    Order allow,deny
    Allow from all
      AuthType Basic
           AuthName "Please log in"
            # (Following line optional)
            AuthBasicProvider file
            AuthUserFile "c:/ms4w/apache/passwd/passwords"
           Require user user1 user2 user3 </Location>

As a result only user1, user2 and user3 can reach cgi-bin if they give
correct password.

-Jukka Rahkonen-



Richard Suematsu
 

_______________________________________________
mapserver-users mailing list
[hidden email]
http://lists.osgeo.org/mailman/listinfo/mapserver-users

On 12-05-28 9:34 AM, Alberto Najera wrote:
> Hello,
>
> Is it possible to have a restricted (user id and password required) WMS
> service through Mapserver?  If so, how can this be done?  I have searched
> the documentation but had not been able to find if this is possible.
>

Hello Alberto,

In case nobody has said this yet: you can also use frameworks on top of
MapServer to handle WMS/OWS authentication, and here is a starting list
for you to examine:

- Mapbender: (been around a long long time and has a wonderful amount of
OWS functionality) http://www.mapbender.org/Mapbender_Wiki
- Geoprisma: http://geoprisma.org/site/index.php
- secureOWS: https://github.com/camptocamp/secureOWS
- GeoShield: http://istgeo.ist.supsi.ch/site/projects/geoshield

There are probably others :)

-jeff




--
Jeff McKenna
MapServer Consulting and Training Services
http://www.gatewaygeomatics.com/


_______________________________________________
mapserver-users mailing list
[hidden email]
http://lists.osgeo.org/mailman/listinfo/mapserver-users