Opened 14 years ago

Closed 9 years ago

#3510 closed enhancement (fixed)

WMS Driver does not support Authentication

Reported by: ChrisABailey Owned by: nowakpl
Priority: normal Milestone: 1.8.1
Component: GDAL_Raster Version: svn-trunk
Severity: normal Keywords: WMS
Cc:

Description

The WMS driver does not currently support authentication. The WCS driver does but I believe the fetch mechanism was changes in the WMS driver to support multiple simultaneous requests.

I have been looking at the code and believe this will be relatively easy to do. If you agree with my approach I can make the following changes and submit a patch:

From a user standpoint we will add two new parameters to the WMS XML specification using the same convention as the WCS driver:

  • <UserPwd> - May be supplied with userid:password to pass a userid and password to the remote server.
  • <HttpAuth> - May be BASIC, NTLM or ANY to control the authentication scheme to be used.

If these are set we will pas these into the the WMS requests.

From an implementation stand point I will read the XML and store it in the GDALWMSDataset class.

In RasterBands.cpp I will add two new paramaters to http_request_opts which is passed to CPLHTTPInitializeRequest(...).

Finally I'll modify gdalhttp.cpp to set the appropriate CURL paramaters (just like cpl_http.cpp.)

I have a couple concerns.

  1. I only have one server that I can test with and it is not public so you would need to "trust me" that I tested with the server. Does anyone know of a way I could test this more thoroughly?
  2. I do not think it is a that good to require the password as plain text in the XML description file. I would like to add new methods to the WMSDataSet to "SetUserID" and "SetPassword". Then in In my application I would prompt for the password or store it hashed some way. Does this sound reasonable?

Attachments (1)

Authentication.patch (4.0 KB ) - added by ChrisABailey 13 years ago.
Patch to SVN trunk (1.8)

Download all attachments as: .zip

Change History (7)

comment:1 by warmerdam, 14 years ago

Owner: changed from warmerdam to nowakpl

comment:2 by nowakpl, 13 years ago

Current wms driver version should support http authentication, just supply user:password with ServerURL.

<ServerURL>http://testuser:password@127.0.0.1/wms?</ServerUrl>

comment:3 by ChrisABailey, 13 years ago

Version: 1.7.1svn-trunk

The attached patch follows the model of the WCS where you can set a UserPwd and also an Authentication scheme (BASIC, NTLM or ANY) which gets sent to CURL.

The server I tested with uses BASIC authentication so I could only test BASIC and ANY but since it is just a parameter I have high confidence that NTLM will also work as expected.

by ChrisABailey, 13 years ago

Attachment: Authentication.patch added

Patch to SVN trunk (1.8)

comment:4 by atte, 13 years ago

Update: 1.8 has now <UnsafeSSL> that was added in #3882.

comment:5 by Jukka Rahkonen, 9 years ago

<UserPwd>user:password</UserPwd> implemented and documented in http://www.gdal.org/frmt_wms.html

<HttpAuth> not implemented, only Basic Auth supported at the moment. Maybe still enough work done for closing this ticket?

comment:6 by Jukka Rahkonen, 9 years ago

Resolution: fixed
Status: newclosed

Closing the ticked because "WMS driver does support Authentication" (with Basic Auth).

Note: See TracTickets for help on using tickets.