Authorizing by UW Group ID

Last updated: January 12, 2023
Audience: All UW

Follow these step-by-step instructions to password-protect your website so that only members of a pre-defined group in the UW Groups Service can get in.

Note: UW Group IDs for course groups and student major groups are not yet supported for this use.

Note: Groups with membership viewing restrictions will not work in .htaccess files, because the Web servers will not have permission to view the membership of the group. If you want to use groups with restricted memberships for website authorization, you need to add the UW Web servers to your group’s list of membership viewers. You can email help@uw.edu for the current identifiers for those servers.

To provide access to members of a group by referencing its UW Group ID:

  1. If you have not already created a group with the proper membership, use the Groups Web Service to create a group containing the members you want to allow into your site. If you do not have any groups yet, you should be able to start by creating groups with IDs like the following:

    u_uwnetid_purpose

    In this group ID, uwnetid is your UW NetID. The group ID “u_uwnetid” is your home group stem. You have default permissions to create groups beginning with your home group stem. The purpose component of the group ID is specific to the purpose of this group. Subgroups like u_uwnetid_purpose_specific can be created for more specific groups below the original u_uwnetid_purpose group.

  2. Log into your web development server using a terminal emulator. If you’re not sure how to do this, click here for instructions.
  3. At the prompt, enter the following command to change directories to your Web directory:

    cd public_html

    If you want to protect a subdirectory rather than your whole website, change directories to the subdirectory you want to protect. For example:

    cd private

  4. At the prompt, enter the following command to create a .htaccess file in the current working directory:

    nano .htaccess

  5. Add the following text to this file:

    AuthType Shibboleth
    <IfVersion < 2.4>
      ShibCompatWith24 on
    </IfVersion>
    ShibRequestSetting requireSession true
    ShibRequestSetting redirectToSSL 443
    require shib-attr isMemberOf urn:mace:washington.edu:groups:u_netid_myteam

    Replace u_netid_myteam with the UW Group ID you want to reference for access control.

    Note: You may provide access to multiple groups by listing them on one line separated by spaces. For example:

    require shib-attr isMemberOf urn:mace:washington.edu:groups:u_netid_myteam urn:mace:washington.edu:groups:u_netid_myotherteam

  6. Optional – If two-factor authentication (2FA) is desired on depts, staff, faculty, or courses, add the following text to this file instead:

    AuthType Shibboleth
    ShibRequestSetting requireSession true
    ShibRequestSetting redirectToSSL 443
    ShibRequestSetting applicationId 2fa
    <IfVersion < 2.4>
      ShibRequireAll on
      ShibCompatWith24 on
      require authnContextClassRef https://refeds.org/profile/mfa
      require shib-attr isMemberOf urn:mace:washington.edu:groups:u_netid_myteam
    </IfVersion>
    <IfVersion >= 2.4>
      <RequireAll>
        require authnContextClassRef https://refeds.org/profile/mfa
        require shib-attr isMemberOf urn:mace:washington.edu:groups:u_netid_myteam
      </RequireAll>
    </IfVersion>

    Replace u_netid_myteam with the UW Group ID you want to reference for access control.

  7. Save and close the file using nano. (Click for instructions on how to use nano.)
  8. You’re done! Confirm that password protection is working by having someone in the referenced group open your website with a Web browser.
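
A pre-flight check for the file written in steps 5 and 6, added here as an example and not a UW-provided tool: it flags missing directives, group values that are not UW group URNs, template group IDs left in place, and a 2FA rule that is not wrapped in `<RequireAll>` (Apache 2.4 treats unwrapped sibling `Require` lines as "any of"). It assumes a POSIX shell with grep and awk, and `check_htaccess` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example, not a UW-provided tool: lint a .htaccess against the
# templates in steps 5 and 6. check_htaccess is a hypothetical helper name.
# Prints one line per finding; returns 0 only when there are no findings.
check_htaccess() {
    f=$1
    problems=0
    [ -r "$f" ] || { echo "FAIL: cannot read $f"; return 2; }
    fail() { echo "FAIL: $1"; problems=$((problems + 1)); }
    # Apache directive names are case-insensitive, so match with grep -i.
    has() { grep -Eiq "^[[:space:]]*$1" "$f"; }

    has 'AuthType[[:space:]]+Shibboleth' || fail "missing 'AuthType Shibboleth'"
    has 'ShibRequestSetting[[:space:]]+requireSession[[:space:]]+true' ||
        fail "missing 'ShibRequestSetting requireSession true'"
    has 'ShibRequestSetting[[:space:]]+redirectToSSL[[:space:]]+443' ||
        fail "missing 'ShibRequestSetting redirectToSSL 443'"

    # Collect every value listed on a 'require shib-attr isMemberOf' line.
    groups=$(awk 'tolower($1) == "require" && $2 == "shib-attr" &&
                  $3 == "isMemberOf" { for (i = 4; i <= NF; i++) print $i }' "$f")
    [ -n "$groups" ] || fail "no isMemberOf rule restricts access to a group"
    for g in $groups; do
        # Strip the URN prefix; if nothing changed, the prefix was missing.
        case ${g#urn:mace:washington.edu:groups:} in
            "$g" | "") fail "not a urn:mace:washington.edu:groups: URN: $g" ;;
            u_netid_myteam | u_netid_myotherteam)
                fail "template placeholder left in place: $g" ;;
        esac
    done

    # 2FA variant: Apache 2.4 treats sibling Require lines as "any of", so the
    # MFA and group rules only combine when wrapped in <RequireAll>.
    if has 'require[[:space:]]+authnContextClassRef'; then
        has 'ShibRequestSetting[[:space:]]+applicationId[[:space:]]+2fa' ||
            fail "MFA rule without 'ShibRequestSetting applicationId 2fa'"
        has '<RequireAll>' ||
            fail "no <RequireAll> block around the MFA and group rules"
    fi
    return "$problems"
}

# Stand-alone use: sh check.sh /path/to/.htaccess
if [ $# -gt 0 ]; then check_htaccess "$1"; fi
```

A return status of 0 means the file matches the template structure; it does not replace the browser test in step 8.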