Adding WebAccess to your club website
Using these guidelines you can easily add WebAccess authentication to your club web space. This document will guide you through the process and reasoning behind using WebAccess authentication.
(via https://webaccess.psu.edu/help.html)
What is WebAccess?
“The WebAccess system, which uses the University of Michigan’s Cosign technology (a development effort that is funded by the National Science Foundation’s National Middleware Initiative-Enterprise and Desktop Technologies program), provides an environment in which users authenticate/login once with their respective Access Account userids and password to a central server in order to access multiple services protected with WebAccess without needing to re-authenticate. For example, a user can authenticate via Penn State WebAccess and then access services such as the Penn State Portal, Penn State WebMail, and a variety of other WebAccess-enabled, without needing to authenticate again to those services.”
In a Nutshell:
WebAccess allows those with Penn State Access Accounts (or Friends of Penn State accounts) to use the same username and password for multiple websites. This document will help explain how you can incorporate WebAccess into your websites to help protect content that you want or need to limit access to.
Reasons for using WebAccess
If you need a way to protect content on your club website you should consider using Penn State WebAccess for some of the following reasons:
• Secure – WebAccess is a secure way for your users to authenticate and access content on your club site. Additionally, passwords are sent over the internet in encrypted form using Secure Sockets Layer (SSL).
• Liability – Storing user credentials could potentially make you liable if your club website were compromised. With WebAccess, user credentials are never stored in your club web space and no one (including yourself) has access to those credentials.
• Easy – Using WebAccess for authentication is usually much easier than trying to implement a secure login program for your club website on your own.
• Improved User Experience – WebAccess is part of Penn State’s Single Sign-on Solution (SSO) which means users don’t need to register or log in with a different username and password before they gain access to protected content. As long as the user has a Penn State (or Friends of Penn State) access account they will be able to log in.
Reasons for NOT using WebAccess
Of course, WebAccess shouldn’t be used for everything. Here are some examples:
• Public Information – If there is information on your club website that you want the general public to see, you may not want to use WebAccess since guests as well as search engines will not be able to access it. However, if there is certain information on your site that you would like to restrict access to, you may want to try keeping it in a separate folder that you can apply WebAccess authentication to. Deciding what should be public and private content is an important consideration when designing your club site.
• Integration – Integrating WebAccess into an existing web script (such as a discussion forum) can sometimes be difficult and may require programming knowledge. If you’re looking to replace an application’s preexisting registration/login mechanism, prepare to dive into some code. However, if you just need to restrict access to a specific folder on your website, WebAccess is still the way to go and relatively easy.
Requirements
Currently, the only way to enable WebAccess is through php.scripts.psu.edu. Therefore, you must forward all traffic to this server. If you’re already writing your site in PHP, you can skip this step since files ending in ‘.php’ are automatically redirected to the php.scripts server.
Installation Steps
1. Put all of the content you want to protect in a subfolder on your website.
2. Send an e-mail to dbadmin@aset.psu.edu with the URL of the folder that you want WebAccess enabled on.
3. You’ll receive a reply with the new URL to that folder. You’ll probably also be given the option to either continue to allow access to the folder from the old URL (unauthenticated) or disable that access. In most cases, you want to disable this access; otherwise the content stays reachable without logging in, which defeats the purpose.
Limiting Access to Certain Penn State Users
In many cases, you may want to grant access to private content to only a few Penn State users. This can be done quickly and easily using .htaccess. In the folder that’s protected by WebAccess, create a new file named .htaccess. Open .htaccess and paste the following:
AuthType Cosign
require user abc000 def548 ghi984
Replace the fake usernames in the second line with the names of the users that you want to grant access. You may add as many users as needed to that line.
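For the integration case mentioned under "Reasons for NOT using WebAccess", a PHP script inside the protected folder can make its own per-page decision on top of the folder-wide list. The following is an added example, not code from the original post; it assumes the Cosign module passes the authenticated user ID to PHP as REMOTE_USER, and the OFFICERS list, the function names and the ID pattern are hypothetical.

```php
<?php
// Added example, not from the original post. Assumes the Cosign module
// exposes the authenticated user ID to PHP as $_SERVER['REMOTE_USER'].

// Hypothetical per-page allowlist; the IDs are the placeholders from the post.
const OFFICERS = ['abc000', 'def548'];

/**
 * Return the authenticated user ID, or null if the request did not pass
 * through WebAccess (for example, it arrived via the old, unprotected URL).
 */
function webaccess_user(array $server): ?string
{
    $user = $server['REMOTE_USER'] ?? '';
    // Assumed ID shape: lowercase letters followed by digits, as in "abc000".
    if (!is_string($user) || !preg_match('/\A[a-z]{1,8}[0-9]{1,6}\z/', $user)) {
        return null;
    }
    return $user;
}

/** Fail closed: no user, or a user not on the list, gets no content. */
function require_member(array $server, array $allowed): string
{
    $user = webaccess_user($server);
    if ($user === null) {
        http_response_code(401);
        exit('Not authenticated through WebAccess.');
    }
    // Strict comparison so only exact string matches are accepted.
    if (!in_array($user, $allowed, true)) {
        http_response_code(403);
        exit('Your account is not authorized for this page.');
    }
    return $user;
}

$user = require_member($_SERVER, OFFICERS);
// Escape the ID before echoing it into HTML.
echo 'Officer page for ' . htmlspecialchars($user, ENT_QUOTES, 'UTF-8');
```

Because the check denies access whenever REMOTE_USER is missing, the page stays closed even if the old unauthenticated URL from step 3 was left enabled.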