Department of Electrical Engineering and Computer Science



Protecting Web Applications (NetAuth library)

To enable uniform, NetID-based logins for web applications in EECS, a library and service called NetAuth was created.  It uses a very simple API to authenticate against a web service, returning user information and UT group memberships.  The library also handles the login/logout process, automatically providing the login form and session management, so that only a couple of lines of code are needed to secure an application.

If you are looking for information on .htaccess files and simple file protections on the web, see Protecting Web Pages.

The following is a sample web application using the NetAuth library to restrict access to EECS users:

PHP

Download library and sample files

<?php

##
##  EECS Network Authentication Example
##  Version: 1.0
##  Last Updated: 02/06/2013
##

////////////////////  BEGIN AUTHENTICATION  ////////////////////

require('NetAuth.php');

/*
    If you don't want all NetID users to authenticate, extend
    the NetAuth class with userIsQualified() to restrict logins.
*/

class EECSAuth extends NetAuth
{
    // Only members of the EECS users group may sign in.
    // Return an explicit boolean so "no group" is unambiguously "not qualified".
    function userIsQualified()
    {
        return $this->hasGroup('UTK.EECS.AllUsers');
    }
}

/*
    Choose an implementation that matches your authentication needs.
    To set the application title for the login page, add a second argument to the constructor.

    $auth = new EECSAuth(false);  # Authentication is optional; User can sign in if userIsQualified() == true
    $auth = new EECSAuth(true);   # Authentication is required; User can sign in if userIsQualified() == true
    $auth = new NetAuth(false);   # Authentication is optional; All users can sign in
    $auth = new NetAuth(true);    # Authentication is required; All users can sign in
*/

$auth = new EECSAuth(false,'Sample Client');

////////////////////  END AUTHENTICATION  ////////////////////

/*
    Check the authentication state with isSignedIn().

       boolean $auth->isSignedIn()

    Use accessor methods to retrieve user information.

        string $auth->getUsername()
        string $auth->getFirstName()
        string $auth->getLastName()
        string $auth->getDisplayName()
        string $auth->getEmail()
         array $auth->getGroups()
       boolean $auth->hasGroup(string $groupName)

    Enjoy!
*/

?>
<!DOCTYPE html>
<html>
<head>
    <title>Sample Client Application</title>
</head>
<body>
    <h1>Sample Client</h1>
<?php if ($auth->isSignedIn()) { ?>
    <p>
        <?php /* Escape values from the identity provider before echoing them into HTML */ ?>
        You are signed in as <?=htmlspecialchars($auth->getFirstName())?> <?=htmlspecialchars($auth->getLastName())?> (<?=htmlspecialchars($auth->getUsername())?>)
        <a href="?do=signout" id="action">Sign Out</a>?
    </p>
<?php } else { ?>
    <p>You are not currently signed in.  <a href="?do=signin" id="action">Sign In</a>?</p>
<?php } ?>
</body>
</html>
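The following is an added example, not code from the NetAuth distribution or from the page's sample above. It shows the other side of the API documented in the comments: a page that requires sign-in, qualifies users by membership in any of several groups, escapes every identity-provider value before echoing it, and gates an administration section on a specific group rather than on the signed-in state alone. It assumes only the constructor and accessors listed above; the group names other than UTK.EECS.AllUsers, the StaffAuth class and the h() helper are this example's own.

```php
<?php
// Added example, not part of the NetAuth distribution or the page's sample.
// It assumes only the API documented above: the NetAuth constructor
// (required-flag, title), userIsQualified(), isSignedIn(), hasGroup(),
// getGroups() and the name/email accessors. Group names other than
// UTK.EECS.AllUsers are hypothetical placeholders.

require('NetAuth.php');

class StaffAuth extends NetAuth
{
    // Membership in any one of these groups is enough to sign in. Only the
    // first name is taken from the page; the second is a placeholder.
    private $allowedGroups = array(
        'UTK.EECS.AllUsers',
        'UTK.EECS.ExampleStaff',
    );

    // Always return an explicit boolean so a missing group means "not qualified".
    function userIsQualified()
    {
        foreach ($this->allowedGroups as $group) {
            if ($this->hasGroup($group)) {
                return true;
            }
        }
        return false;
    }
}

// Escape every value that came from the identity provider before it reaches
// the browser; names, usernames and group strings are data, not markup.
function h($value)
{
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

// true = authentication required: the library presents its own login form to
// anyone who is not signed in. The second argument is the login page title.
$auth = new StaffAuth(true, 'Staff Portal');

// Belt and braces: do not rely on the constructor alone. Re-check the session
// state before rendering anything, and gate privileged content on a specific
// group rather than on "is signed in".
if (!$auth->isSignedIn()) {
    header('HTTP/1.1 403 Forbidden');
    exit('Sign-in is required to view this page.');
}
$isAdmin = $auth->hasGroup('UTK.EECS.ExampleAdmins');  // placeholder group name
?>
<!DOCTYPE html>
<html>
<head>
    <meta charset="utf-8">
    <title>Staff Portal</title>
</head>
<body>
    <h1>Staff Portal</h1>
    <p>
        Signed in as <?=h($auth->getDisplayName())?>
        (<?=h($auth->getUsername())?>, <?=h($auth->getEmail())?>).
        <a href="?do=signout">Sign Out</a>
    </p>

    <h2>Your groups</h2>
    <ul>
    <?php foreach ($auth->getGroups() as $group) { ?>
        <li><?=h($group)?></li>
    <?php } ?>
    </ul>

    <?php if ($isAdmin) { ?>
    <h2>Administration</h2>
    <p>This section is rendered only for members of the placeholder admin group.</p>
    <?php } ?>
</body>
</html>
```

Two design points worth noting. First, userIsQualified() decides who may sign in, but authorization inside the page is a separate decision: the admin section checks hasGroup() for a narrower group, so widening the allowed-to-sign-in list never silently widens access to privileged content. Second, everything echoed from the library goes through h(); the identity provider is trusted to authenticate, not to supply browser-safe strings.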

Other Languages

The NetAuth library is only available in PHP at this time but should not be difficult to port to other languages such as Python or Perl.  If you decide to port this library to another language, please send the code to webteam(at)eecs.utk.edu so we can publish it here.


 
