[WEB4LIB] Remote Access Solution?

[Dan Lester]

Tuesday, July 16, 2002, 3:17:03 PM, you wrote:

AM> 1) A single point of authentication

Yes.

AM> 2) Authentication wouldn't be required until the patron actually
AM> selected a database to access. It was felt that the current process
AM> doesn't give patrons any kind of information before
AM> asking them for their barcode number. In the ideal case, patrons
AM> would get an idea of what they are getting before having to authenticate.

Absolutely.  Look at   http://library.boisestate.edu/indexes/

AM> 3) Once a patron authenticates for one database, they should not have to
AM> authenticate again in the same session.

They don't have to.  Once they've authenticated to EZProxy they're OK
until they close the browser.  EZProxy handles the cookies.

AM> 4) Only use a single set of pages. I don't want to have to maintain
AM> two sets of pages, one for use in the library and one for use outside
AM> the library, if I can help it.

You won't.  We have one page for the list of indexes, cited
above.  We have one authentication page.  Contact me off list and I'll
give you a logon that will work for access to these so you can test it
out and see if it doesn't do what you want.

AM> Items 1, 2 and 4 don't appear to be that difficult to achieve. I can
AM> think of two approaches for having one set of pages handle in-house and
AM> remote users:

AM> A) Use EZProxy to allow all users to appear as if they are accessing
AM> the databases locally. I have a license for EZProxy so this is an
AM> option. One issue I haven't figured out is how to
AM> keep out unauthorized users.

Within the library anyone can use the system.  For outside your IP
range they have to authenticate, using whatever scheme works for you.
We have a simple list of ID number and Phone number pairs that are
extracted from our patron database.  It is a flat text file of the
form:
12345654:1234
34568987:4567

AM> B) Use an IP detection script on each link that would either pass
AM> the user along to the appropriate database or send them to the
AM> authentication page.

EZProxy does all that for you.

AM> The trick here for me is #3. Once I have authenticated a user,
AM> how do I keep them from having to authenticate more than once?
AM> I'm guessing that the solution to this is setting a session
AM> cookie that gets checked in some way. But I haven't done anything
AM> with cookies in this way. Or maybe there is a better way to do this?
AM> I'm sure there is a way to have my cake and eat it
AM> too. I just don't know where I should be directing my efforts here.

Again, EZProxy does it all for you.

If those of us up in the deserts of Idaho can do it, I'm sure you can
too.  Really simple.  Contact me off list if you want more info.

cheers

dan

-- 
Dan Lester, Data Wrangler  dan at RiverOfData.com 208-283-7711
3577 East Pecan, Boise, Idaho  83716-7115 USA
www.riverofdata.com  www.gailndan.com  Stop Global Whining!