Re: [thredds] Custom authentication scheme avoiding redirects

To: <thredds@xxxxxxxxxxxxxxxx>
Subject: Re: [thredds] Custom authentication scheme avoiding redirects
From: "Jonathan Blower" <j.d.blower@xxxxxxxxxxxxx>
Date: Mon, 12 Apr 2010 10:23:58 +0100

Hi John,

> I assume this is in the context of TDS/ncWMS ?

Yes, although we might want to use the same scheme for OPeNDAP access
too.  I assume that this will happen automatically if we enable
per-dataset security?

Cheers, Jon

-------------------------------------------------------------------
Date: Thu, 08 Apr 2010 21:03:09 -0600
From: John Caron <caron@xxxxxxxxxxxxxxxx>
To: thredds@xxxxxxxxxxxxxxxx
Subject: Re: [thredds] Custom authentication scheme avoiding redirects
Message-ID: <4BBE98ED.7070403@xxxxxxxxxxxxxxxx>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

Hey Jon:

Redirects are used for sending the user to an https URL. Im guessing if 
you dont need that, it should be possible to authenticate without a 
redirect. cookies are not needed if you dont care about authentication 
overhead. our "per-dataset" authentication got rather complicated 
because we were trying to use https for authentication but send the data

over http to avoid the enccyption overhead. We'll have to look at how to

make the simple case simple.

I assume this is in the context of TDS/ncWMS ?

In the meanwhile, you might want to look at this page, assuming you can 
get in:

https://wiki.ucar.edu/display/esgcet/Adding+ESG+security+to+a+TDS+server

On 4/7/2010 3:43 AM, Jonathan Blower wrote:
> Hi,
>
> I'd like to be able to restrict access to a THREDDS server on a
> per-dataset basis.  I note from the documentation
>
(http://www.unidata.ucar.edu/projects/THREDDS/tech/reference/RestrictedA
> ccess.html) that the current scheme involves HTTP redirects and
session
> cookies.  However, some of the clients we use are not able to handle
> redirects or cookies.
>
> I would like to have per-dataset security which simply uses HTTP Basic
> or Digest authentication without redirects or sessions.  I don't have
an
> immediate need for using SSL to encrypt passwords.  How can I go about
> doing this?  I'd be comfortable creating new code that can be plugged
in
> to THREDDS if necessary.
>
> Thanks,
> Jon
>
> --
> Dr Jon Blower
> Technical Director, Reading e-Science Centre
> Environmental Systems Science Centre
> University of Reading
> Harry Pitt Building, 3 Earley Gate
> Reading RG6 6AL. UK
> Tel: +44 (0)118 378 5213
> Fax: +44 (0)118 378 6413
> j.d.blower@xxxxxxxxxxxxx
> http://www.nerc-essc.ac.uk/People/Staff/Blower_J.htm
>
>
> _______________________________________________
> thredds mailing list
> thredds@xxxxxxxxxxxxxxxx
> For list information or to unsubscribe,  visit:
http://www.unidata.ucar.edu/mailing_lists/
>    



End of thredds Digest, Vol 15, Issue 4
**************************************

Follow-Ups:
- Re: [thredds] Custom authentication scheme avoiding redirects
  - From: John Caron

2010 messages navigation, sorted by:
1. Thread
2. Subject
3. Author
4. Date
5. ↑ Table Of Contents
Search the thredds archives: