Authorizing Any Valid UW NetID

Last updated: January 12, 2023
Audience: All UW

To provide access to anyone with a valid UW NetID:

  1. Log into your web development server using a terminal emulator. If you’re not sure how to do this, click here for instructions.
  2. At the prompt, enter the following command to change directories to your Web directory:
    cd public_html

    If you want to password protect a subdirectory rather than your whole website, change directories to the subdirectory you want to protect. For example:

    cd private
  3. At the prompt, enter the following command to create a .htaccess file in the current working directory:
     nano .htaccess
  4. Add the following text to this file:
    AuthType Shibboleth
    <IfVersion < 2.4>
      ShibCompatWith24 on
    </IfVersion>
    ShibRequestSetting requireSession true
    ShibRequestSetting redirectToSSL 443
    require valid-user
  5. Optional – If two factor authentication (2FA) is desired on depts, staff, faculty, or courses, then add the following text to this file instead:
    AuthType Shibboleth
    ShibRequestSetting requireSession true
    ShibRequestSetting redirectToSSL 443
    ShibRequestSetting applicationId 2fa
    <IfVersion < 2.4>
      ShibRequireAll on
      ShibCompatWith24 on
      require authnContextClassRef https://refeds.org/profile/mfa
      require valid-user
    </IfVersion>
    <IfVersion >= 2.4>
      <RequireAll>
        require authnContextClassRef https://refeds.org/profile/mfa
        require valid-user
      </RequireAll>
    </IfVersion>
    

To the Web server, valid-user has special meaning. In this context, it refers to anyone who can enter a valid UW NetID and password.

Tip: This will allow any UW NetID (including group accounts and temporary IDs) to access your website. To restrict access further to only specific affiliations, for instance students or faculty, see Authorizing UW NetIDs by Affiliation Type.