mf-geoadmin3 icon indicating copy to clipboard operation
mf-geoadmin3 copied to clipboard

Published 20 hours ago verified publisher icon geoadmin

WM(T)S mit basic Auth (manage permalink -> no pwd in permalink / ask user/pwd at start)

Open davidoesch opened this issue 5 years ago • 6 comments

als Secure Diensteanbieter WMS WMTS (basic auth)

will ich WM(T)S mit basic auth gesichert (u/p) im import werkzeug laden können analog zu https://www.ldbv.bayern.de/hilfe.html#import_wms

weil ich Datenbenen meiner gesichterten Dienste im Kartenviewer darstellen will für die Umsetzung Richtung "NGDI Viewer" ohne die Daten in die BGDI physisch zu integrieren zu müssen und einen Permalink auf einen von mir betriebenen Datensatz in map.geo.admin.ch darstellen will und somit meine einfachen WebMapping Anwendung ablösen kann

Akzeptanz Kriterium

  • [ ] GUI für optionales U/P basic auth
  • [ ] gemäss eg https://github.com/camptocamp/secureOWS/wiki oder gemäss
  • [ ] http://en.wikipedia.org/wiki/Basic_access_authentication oder
  • [ ] http://en.wikipedia.org/wiki/Digest_access_authentication
  • [ ] Permalink: Lösung ohne cookies: wenn Permalink weitergeleitet: user Prompt modal window für eingabe U/P

Deliverables:

  • [ ] GUI
  • [ ] Works with Secure WMS from wms-swisstopo

out of scope:

  • user mmgt
  • cookie mmgt

How to Demo:

  • [ ] secure wms swisstopo
  • [ ] sec wms from geo sz @kuneppe
  • [ ] sec wms from geo so @edigonzales

Backlog:

related https://github.com/geoadmin/mf-geoadmin3/issues/3869 https://github.com/geoadmin/mf-geoadmin3/issues/2414

davidoesch avatar Feb 03 '19 18:02 davidoesch

You may rely on the fact that Basic Auth is sending its Authorization header every time. Try the following:

1/ Load a page with a Basic Auth WMS (wms.swisstopo.admin.ch). The layer is loaded but won't display (Swissimage secure)

https://s.geo.admin.ch/7ff2dc41d4

You must be outside BVNET

2/ "Log into" the secure WMS with Basic Auth (with username/password)

https://wms.swisstopo.admin.ch/?SERVICE=WMS&VERSION=1.3.0&REQUEST=GetMap&FORMAT=image%2Fpng&TRANSPARENT=true&LAYERS=ch.swisstopo.swissimage&CRS=EPSG%3A2056&STYLES=&WIDTH=960&HEIGHT=640&BBOX=2420000%2C1030000%2C2900000%2C1350000

A nice Swissimage image is displayed.

3/ Reload the map.geo.admin.ch page.

The Swissimage layer is displayed.

Better play with incognito windows, as there is no logout with Basic Auth. And of course, you WMS service has the correct CORS header (no proxy involved)

procrastinatio avatar Feb 07 '19 10:02 procrastinatio

@edigonzales --- this approach would be enough for you? Of course we would add the UI for u/p

davidoesch avatar Feb 08 '19 06:02 davidoesch

ping @edigonzales

davidoesch avatar Apr 30 '19 06:04 davidoesch

ping @edigonzales bräuchtn hier feedback zur Plannung

davidoesch avatar May 10 '19 10:05 davidoesch

Sorry...

I need a some form where I can enter my credentials since the url is always the same: geo.so.ch/wms. The response will be different if I send basic auth (in the header).

edigonzales avatar May 10 '19 11:05 edigonzales

@procrastinatio can you help @edigonzales

davidoesch avatar May 14 '19 08:05 davidoesch