Example of access control with the authentication wrapper.

Once you have your web application equipped with the MNA authentication tool you now allow anyone with MNA access to use the web application. In some situations this is not the desired requirement. For example, an application might only need to allow a certain group of users access but would still like to base the authentication on MNA. This group access can be accomplished using the web server's built in access control. This example uses Apache.

MUSC Rumors and access control

A web application that required group access control is the Rumor Mill. This application lists several rumors that are circulating around the Medical University. To add a rumor you must have MNA access, but to answer the rumor you must be qualified. If you meet these qualifications you are added to the group that can answer a rumor. All that is neccesary to get group based authorization is to add the following .htaccess file to the directory that your web application is in. For the Rumor Mill the following .htaccess file is put in /usr/local/apache/cgi-bin/rumors/admin:

AuthName "Rumor Admin (MNA ID and Password)"
AuthType Basic
AuthAnyUserProg "/usr/local/itlab/bin/authClient atrium.musc.edu 10070"

AuthGroupFile /usr/local/apache/groups
require valid-user
require group rumor

The group is then managed by changing /usr/local/apache/groups. Here is the entry for the Rumor Mill.

rumor: zorncj robertsk

This entry allows zorncj and robertsk to log in. Anyone else will be denied. Please see the Apache documentation for further details.