NOTICE: This version of the NSF Unidata web site (archive.unidata.ucar.edu) is no longer being updated.
Current content can be found at unidata.ucar.edu.
To learn about what's going on, see About the Archive Site.
NOTICE: This version of the NSF Unidata web site (archive.unidata.ucar.edu) is no longer being updated.
Current content can be found at unidata.ucar.edu.
To learn about what's going on, see About the Archive Site.
Hi John, > I assume this is in the context of TDS/ncWMS ? Yes, although we might want to use the same scheme for OPeNDAP access too. I assume that this will happen automatically if we enable per-dataset security? Cheers, Jon ------------------------------------------------------------------- Date: Thu, 08 Apr 2010 21:03:09 -0600 From: John Caron <caron@xxxxxxxxxxxxxxxx> To: thredds@xxxxxxxxxxxxxxxx Subject: Re: [thredds] Custom authentication scheme avoiding redirects Message-ID: <4BBE98ED.7070403@xxxxxxxxxxxxxxxx> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Hey Jon: Redirects are used for sending the user to an https URL. Im guessing if you dont need that, it should be possible to authenticate without a redirect. cookies are not needed if you dont care about authentication overhead. our "per-dataset" authentication got rather complicated because we were trying to use https for authentication but send the data over http to avoid the enccyption overhead. We'll have to look at how to make the simple case simple. I assume this is in the context of TDS/ncWMS ? In the meanwhile, you might want to look at this page, assuming you can get in: https://wiki.ucar.edu/display/esgcet/Adding+ESG+security+to+a+TDS+server On 4/7/2010 3:43 AM, Jonathan Blower wrote: > Hi, > > I'd like to be able to restrict access to a THREDDS server on a > per-dataset basis. I note from the documentation > (http://www.unidata.ucar.edu/projects/THREDDS/tech/reference/RestrictedA > ccess.html) that the current scheme involves HTTP redirects and session > cookies. However, some of the clients we use are not able to handle > redirects or cookies. > > I would like to have per-dataset security which simply uses HTTP Basic > or Digest authentication without redirects or sessions. I don't have an > immediate need for using SSL to encrypt passwords. How can I go about > doing this? I'd be comfortable creating new code that can be plugged in > to THREDDS if necessary. > > Thanks, > Jon > > -- > Dr Jon Blower > Technical Director, Reading e-Science Centre > Environmental Systems Science Centre > University of Reading > Harry Pitt Building, 3 Earley Gate > Reading RG6 6AL. UK > Tel: +44 (0)118 378 5213 > Fax: +44 (0)118 378 6413 > j.d.blower@xxxxxxxxxxxxx > http://www.nerc-essc.ac.uk/People/Staff/Blower_J.htm > > > _______________________________________________ > thredds mailing list > thredds@xxxxxxxxxxxxxxxx > For list information or to unsubscribe, visit: http://www.unidata.ucar.edu/mailing_lists/ > End of thredds Digest, Vol 15, Issue 4 **************************************
thredds archives: