Web Design and Implementation • Spring 2008

30 April 2008

Studio Session: Server Side Authentication & Includes

Today we'll work on server-side authentication and includes.

Server-Side Authentication: Studio Exercise

On many web servers, you can create your own user and password file to restrict access to a web directory. On Gibson, access control is not managed through a user-created password file; it uses the campus-wide authentication system instead. If you password-protect a directory using this method, your page(s) will have to be referenced using the https protocol, e.g. https://people.rit.edu/~abc1234/protected_directory/. Basic authentication only base64-encodes the password rather than encrypting it, so the SSLRequireSSL line in the examples below makes the server refuse plain http requests for the directory.

To limit access to any and all RIT users with a valid (DCE) login, use the following .htaccess syntax:

AuthType Basic
AuthName "RIT"
AuthBasicProvider ldap
SSLRequireSSL
AuthLDAPUrl ldaps://ldap.rit.edu/ou=people,dc=rit,dc=edu?uid?sub
AuthzLDAPAuthoritative off
require valid-user

To limit access to only specific RIT user(s), use the following .htaccess syntax, placing the usernames of the users who should have access (e.g. ellics or abc1234) in place of the "username1", "username2" examples.

AuthType basic
AuthName "Your Description Here"
AuthBasicProvider ldap
SSLRequireSSL
AuthLDAPUrl ldaps://ldap.rit.edu/ou=people,dc=rit,dc=edu?uid?sub
require ldap-user username1 username2

(This information is taken from the RIT "Technical Information" site for the gibson server.)
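
A quick way to check a protected directory's .htaccess before relying on it, shown here as an added example that is not part of the course materials or RIT's documentation. The function name lint_htaccess and the finding codes are hypothetical. The first sample input is the config above and the second is a constructed weakened variant.

```python
# Added example, not from the course or RIT. lint_htaccess and the finding
# codes are hypothetical names chosen for this illustration.

def lint_htaccess(text):
    """Return finding codes for a per-directory LDAP Basic-auth config."""
    seen = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        # Apache directive names are case-insensitive.
        seen.setdefault(parts[0].lower(), []).append(
            parts[1].strip() if len(parts) > 1 else "")

    findings = []
    auth_types = [a.lower() for a in seen.get("authtype", [])]
    # Basic auth only base64-encodes the password, so TLS must be enforced.
    if "basic" in auth_types and "sslrequiressl" not in seen:
        findings.append("basic-without-sslrequiressl")
    for args in seen.get("authldapurl", []):
        tokens = args.replace('"', "").split()
        url = tokens[0].lower() if tokens else ""
        mode = tokens[1].upper() if len(tokens) > 1 else "NONE"
        # ldap:// is cleartext unless the optional mode argument upgrades it.
        if not url.startswith("ldaps://") and mode not in ("SSL", "TLS", "STARTTLS"):
            findings.append("ldap-bind-not-encrypted")
    # Without a Require line Apache never asks for credentials at all.
    if auth_types and "require" not in seen:
        findings.append("auth-configured-but-no-require")
    return findings

# Constructed inputs: the handout's first config, and a weakened variant.
HANDOUT = """\
AuthType Basic
AuthName "RIT"
AuthBasicProvider ldap
SSLRequireSSL
AuthLDAPUrl ldaps://ldap.rit.edu/ou=people,dc=rit,dc=edu?uid?sub
AuthzLDAPAuthoritative off
require valid-user
"""
WEAKENED = """\
authtype basic
AuthName "RIT"
AuthBasicProvider ldap
AuthLDAPUrl ldap://ldap.rit.edu/ou=people,dc=rit,dc=edu?uid?sub
"""

if __name__ == "__main__":
    print("handout :", lint_htaccess(HANDOUT))
    print("weakened:", lint_htaccess(WEAKENED))
```

The check only sees the .htaccess file itself; settings inherited from the server or a parent directory are outside its view.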

Server-Side Includes: Studio Exercise

Look over this SSI Tutorial page, and/or the Webmonkey XSSI tutorial. Using those examples as a starting point, create a page that automatically shows the current date and time, and also includes a copyright statement (or some other fragment of text) taken from an external file in another directory.

Remember, pages with server-side includes must have the .shtml file extension to be parsed properly by the server!