New York University

Web Site Development

Option 3 - 'single sign-on' using the NYU NetID/password combination

Using this method, an individual will be prompted for their NetID and NetID password when they go to your site. Remember, access is protected by directory, so everything in that directory will be under the password restriction. The advantage is two-fold: people don’t have to remember another username or password, and after it’s set up, you don’t have to do anything! However, all the people you want to have access to the directory must have an NYU NetID.

This method requires one file - the file .htaccess.

The .htaccess file should be located in the directory which contains the documents to which you wish to restrict access. This version of the .htaccess file does not need to contain any passwords, because the server has access to a secure database which has all the NetIDs and the appropriate password for each NetID.

Because you are requesting that site visitors enter their NetID and password (the same credentials used for other secure services at NYU), you must add an SSL directive to your .htaccess file to force a secure web connection.

Text for a .htaccess file which will allow anybody at NYU with an active NetID/password to log in securely:

RewriteEngine On
RewriteCond %{HTTP:X-HTTP} !NYUhttps
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R,L]

AuthBasicProvider ldap
AuthName "Put Your Description Here"
require valid-user

Note: If you have more than one word in the AuthName field, you must surround your text with quotation marks. Remember that this method allows ANYONE with an active NetID/password to access your site.

Text for a .htaccess file which will only allow specific individuals with active NetIDs/passwords to log in securely:

If you want specific people to be able to access the page, you need to list their NetIDs. For example:

RewriteEngine On
RewriteCond %{HTTP:X-HTTP} !NYUhttps
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R,L]

AuthBasicProvider ldap
AuthName "Put Your Description Here"
require ldap-user aqe123
require ldap-user tst2
require ldap-user tst10

Replace the example NetIDs (aqe123, tst2 and tst10) with the ones you wish to include.

Note: If you have more than one word in the AuthName field, you must surround your text with quotation marks.

Remember to test the restriction file to ensure that it is working correctly. Go to the URL of the part of your site that you’ve restricted and enter the appropriate NetID/password combination. Remember, once you’ve logged in successfully, you’ll need to quit and restart your browser in order to test again.
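
Before testing in a browser, the file itself can be checked against the rules on this page: the forced HTTPS redirect, the ldap provider, the AuthName quoting rule, and the difference between valid-user and listed NetIDs. The script below is an added example, not part of the original guide; the function name check_htaccess and the "Staff Only Area" sample are assumptions made for illustration.

```python
import re
import shlex
# The page's second example, shortened to one NetID.
PAGE_EXAMPLE = """\
RewriteEngine On
RewriteCond %{HTTP:X-HTTP} !NYUhttps
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
AuthBasicProvider ldap
AuthName "Put Your Description Here"
require ldap-user aqe123
"""

# Constructed sample with three mistakes: no redirect, unquoted AuthName, valid-user.
CONSTRUCTED_BAD = """\
AuthBasicProvider ldap
AuthName Staff Only Area
require valid-user
"""

def check_htaccess(text):
    """Return a list of findings for an .htaccess file of the kind shown above."""
    lines = [l.strip() for l in text.splitlines()]
    lines = [l for l in lines if l and not l.startswith("#")]
    lower = [l.lower() for l in lines]
    findings = []
    # 1. Forced HTTPS, so the NetID password is never sent over plain HTTP.
    engine = any(re.fullmatch(r"rewriteengine\s+on", l) for l in lower)
    redirect = any(l.startswith("rewriterule") and "https://" in l for l in lower)
    if not (engine and redirect):
        findings.append("missing HTTPS redirect")
    # 2. Credentials are checked against the directory, not a local file.
    if not any(re.fullmatch(r"authbasicprovider\s+ldap", l) for l in lower):
        findings.append("missing 'AuthBasicProvider ldap'")
    # 3. AuthName takes exactly one argument: one word or one quoted string.
    names = [l for l in lines if l.lower().startswith("authname")]
    for l in names or [""]:
        try:
            args = shlex.split(l)[1:]
        except ValueError:  # unbalanced quotation mark
            args = []
        if len(args) != 1:
            findings.append("AuthName missing or not a single (quoted) string")
    # 4. Without a require line nothing is restricted; valid-user admits everyone.
    reqs = [l.split()[1:] for l in lower if l.startswith("require")]
    if not reqs:
        findings.append("no 'require' line")
    elif ["valid-user"] in reqs:
        findings.append("'require valid-user' admits ANY active NetID")
    return findings
```

An empty list means the file follows the pattern shown on this page; it does not replace the browser test, which confirms the server actually enforces the file.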