Tags:
create new tag
view all tags

Question

Short description

When enabling

  • Set ALLOWWEBVIEW = SecureHelpdeskGroup

for one web, no guest can access any of the public webs anylonger. Instead any user had to login first.

Goal: Add Partial Authenticaion for specific Webs

  • Create a new Web
  • Allow only authorized groups to view this web
  • Allow only authorized groups to edit this web
  • Still allow public access to view standard webs

Implementation

  • Created a new web called "Secure"
  • Defined new groups
    • SecureHelpdeskGroup
    • SecureAdminGroup
  • Registered new users
  • Attached this users to the new groups
  • Changed WebPreferences of the Secure web as follows: 
   * Users or groups who are not / are allowed to view / change / rename topics in the Secure web: (See TWikiAccessControl)
      * Set DENYWEBVIEW =
      * Set ALLOWWEBVIEW = SecureHelpdeskGroup
      * Set DENYWEBCHANGE =
      * Set ALLOWWEBCHANGE = SecureHelpdeskGroup
      * Set DENYWEBRENAME =
      * Set ALLOWWEBRENAME = SecurelHelpdeskGroup

   * Users or groups allowed to change or rename this WebPreferences topic: (I.e. TWikiAdminGroup)
      * Set ALLOWTOPICCHANGE =
      * Set ALLOWTOPICRENAME = SecureAdminGroup

Problem

  • Now everyone has to login, even when he/she does not want to access Secure web but only TWiki, Sandbox or any other public web.
  • Note:
    • index.html is refered to Main/view/bin/view/Main/WebHome
    • However when enabeling Set ALLOWWEBVIEW = SecureHelpdeskGroup all view requests for all webs are now handeled via viewauth. I would have expected that only view request for Secure web are processed via viewauth though. I believe that this is the reason why all user have to authenticate.

Hosting Environment

  • TWiki on an ISP Virtualhost using a Subdomain
  • Used TWikiInstallationGuide for setup
  • Using Basicauthenticaion

Environment

TWiki version: TWikiRelease02Sep2004
TWiki plugins: DefaultPlugin, EmptyPlugin, InterwikiPlugin
Server OS: Debian Sarge (Testing)
Web server: Apache 1.3.29
Perl version: 5.8.3
Client OS: Windows 2000 SP4, Debian unstable
Web Browser: Firefox 1.0, Internet Explorer 6
Categories: Authentication

-- WolfgangAlper - 24 Jan 2005

Answer

Not sure why the whole site requires authentication. If you set ALLOWWEBVIEW only for the Secure web, then the users should be able to view the other webs without authentication.

Users sessions need to be tracked for partial authentication. Do you have $doRememberRemoteUser set in the TWiki.cfg? This tracks users by IP address. Alternatively use a session Plugin for cookie based user tracking.

-- PeterThoeny - 25 Jan 2005

I had not enabled $doRememberRemoteUser. However when i do this, nothing changes - same behaviour. Still wonder why the following redirect in .htaccess (located at wiki.mydomain.de enables the viewauth script though, if ALLOWWEBVIEW is enabled only for one web wich is not Main. Content auf .htaccess 

Redirect /index.html  http://wiki.mydomain.de/bin/view/Main/WebHome
leads to a redirect of: 
http://wiki.mydomain.de/bin/viewauth/Main/WebHome
but only (as said) if ALLOWWEBVIEW is being used. However, if ALLOWWEBVIEW is not set, the redirect works as expected: 
http://wiki.mydomain.de/bin/view/Main/WebHome

-- WolfgangAlper - 25 Jan 2005

Try if a topic other then Main in the Main works as expected.

Your WebHome probably lists the SiteMap. If this is the case and the Secure web is listed in the site map then you get the redirect since TWiki cannot read the WebPreferences of the hidden web without knowing who the user is. Make sure that the Secure web is not listed (NOSEARCHALL settting in Secure.WebPreferences)

-- PeterThoeny - 26 Jan 2005

First off all thank you for your patience.
You were right, After setting NOSEARCHALL to on it worked as expected - Thank you very much!

Attached some notes that might help others: The setting of SITEMAPLIST has the following effect (refering to the secure web, NOSEARCHALL set to on, after having authenticated as a valid user). When set to on

  • the secure web shows up in the Leftbar
  • the secure web shows up in the Sitemap of the secure web.

When set to empty

  • the secure web shows up in the Leftbar
  • the secure web does not show up in the SiteMap of secure web.

Regardless of the setting of SITEMAPLIST it does not show up in any other web (neither in the Leftbar nor in the SiteMap of the particular web.

-- WolfgangAlper - 26 Jan 2005

I think it would generally be a good idea to be able to view the SiteMap without the need to authenticate.

-- ChristopherHuhn - 28 Jan 2005

I agree.

However while reading through the support web, i got an understanding that this cannot be done easily. Unfortunately I do not remember the page - but there was an excellent describtion about the problem and the related issues.

-- WolfgangAlper - 01 Feb 2005

WebForm
SupportStatus AnsweredQuestions
Edit | Attach | Watch | Print version | History: r7 < r6 < r5 < r4 < r3 | Backlinks | Raw View | Raw edit | More topic actions
Topic revision: r7 - 2005-02-01 - WolfgangAlper
 
  • Learn about TWiki  
  • Download TWiki
This site is powered by the TWiki collaboration platform Powered by Perl Hosted by OICcam.com Ideas, requests, problems regarding TWiki? Send feedback. Ask community in the support forum.
Copyright © 1999-2026 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.