Authorizing UW NetIDs by Affiliation Type

Last updated: January 12, 2023
Audience: All UW

Introduction

You can protect your website to restrict it to individuals with the appropriate Affiliation, such as students only, faculty only, etc (see the UW Affiliation Reference for all the possible UW affiliations associated with authorization).

Instructions

Follow these steps to restrict access to a website to affiliations of type “student”. For other affiliation types, just replace “student” with “faculty”, “alum”, etc.

  1. Log into your web development server using a terminal emulator. If you’re not sure how to do this, click here for instructions.
  2. At the prompt, enter the following command to change directories to your Web directory:

    cd public_html

    If you want to password protect a subdirectory rather than your whole website, change directories to the subdirectory you want to protect. For example:

    cd private

  3. At the prompt, enter the following command to create a .htaccess file in the current working directory:

    nano .htaccess

  4. Add the following text to this file: 
    AuthType Shibboleth
<IfVersion < 2.4>
  ShibCompatWith24 on
</IfVersion>
ShibRequestSetting requireSession true
ShibRequestSetting redirectToSSL 443
require shib-attr affiliation student@washington.edu

    You can also combine multiple affiliations. For instance, to allow only faculty and students access, use:

    AuthType Shibboleth
<IfVersion < 2.4>
  ShibCompatWith24 on
</IfVersion>
ShibRequestSetting requireSession true
ShibRequestSetting redirectToSSL 443
require shib-attr affiliation faculty@washington.edu student@washington.edu

    If your site is hosted on depts, faculty, staff, or courses you may also enable two-factor authentication (2fa) by adding the following text to the file:

    AuthType Shibboleth
ShibRequestSetting requireSession true
ShibRequestSetting redirectToSSL 443
ShibRequestSetting applicationId 2fa
<IfVersion < 2.4>
  ShibRequireAll on
  ShibCompatWith24 on
  require authnContextClassRef https://refeds.org/profile/mfa
  require shib-attr affiliation student@washington.edu
</IfVersion>
<IfVersion >= 2.4>
  <RequireAll>
    require authnContextClassRef https://refeds.org/profile/mfa
    require shib-attr affiliation student@washington.edu
  </RequireAll>
</IfVersion>
  5. Save and close the file using Nano. (Click for instructions on how to use nano).
  6. You’re done! Confirm that password protection is working by opening your website with a Web browser.