Hi, Perhaps you could make a separate WMS-service for each user group you have? With Mapserver it is easy because you only need to create a new mapfile and then control which mapfile the current user can access. This should at least prevent fiddling with layer names. We are using proxy approach which creates a facede server on a local port after successful login and we are rather satisfied with that. System is self made but it is in principle close to OWS-proxy by deegree, of Web security service by 52nort.org. -Jukka Rahkonen-
________________________________ Lähettäjä: UMN MapServer Users List puolesta: Ruben Pardo Lähetetty: ma 30.7.2007 10:59 Vastaanottaja: [email protected] Aihe: Re: [UMN_MAPSERVER-USERS] Authentication but if the request is generated in other layer, people can ask with a browser to the mapserver changing the name of the layer on the WMS, We have a WMS accesible with some layer to everybody and other to authenticate users. we are thinking on using a remoteWMS like deegree (with WASS) with mapserver, a single sign-on or something on apache (mod_auth or similiar). but we want to know how people use to implement this issue. Thanks. 2007/7/30, Gregor Mosheh <[EMAIL PROTECTED]>: Ruben Pardo wrote: > We want to protect a number of layers to non-authenticate users. > I want to ask how people use to protect layers served by mapserver? is > there any mechanism inside mapserver for this? There sure isn't. Authentication has to be done at some other layer, typically the webserver layer. If Tomcat is generating the requests, then that'd be the best place to do the authentication. -- Gregor Mosheh / Greg Allensworth System Administrator, HostGIS cartographic development & hosting services http://www.HostGIS.com/ "Remember that no one cares if you can back up, only if you can restore." - AMANDA
