Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
By cscsteve on
I am responsible for my company's engineering intranet, which we used to have blocked by a generic http auth login (everyone just used the same "account"). Recently we refurbished the site and added drupal for the main site. We have several other applications running on the site, including bugzilla and dotProject. For these apps, I added a block with links to each of these tools, and made it not show up unless you've got the appropriate role marked. For now, we don't care about integration, they've got to log into each application separtely.
Now with drupal everyone has their own logins, which increases accountablity. That's great since eventually we'll open up access to the site for the entire company instead of just limiting it to engineering, and different departments will have access to different content. But of course that killed the http auth security...
I just installed the securesite module in order to get the http auth security back, and that works great. But, if the user directly types in http://server/dotproject/ he can bypass the http auth security and get to the dotproject page (a login page if they're not logged in). How do I get the http auth to work over the entire site, especially non-drupal related directories?
Thanks,
- Steve
Comments
bump
Surely there's someone who's doing this. Any ideas?
Not sure..
Never done this and not 100% familiar with the secure site module, but my suggestion would be to basically double up. Meaning, put your http authentication back in place so that direct urls will find that and drupal links will find the secure_site.module - and then you just have to make sure that the same login is used for each method. Hope that helps.
Otherwise, sounds like this might be something to ignore and focus on integration of the apps instead. Also, if they have to login to the other apps anyways, why are you worried about the http authentication bit? Using the direct URL still requires them to login before having access to the other systems. So having the double login seems unnecessary
-Ryan
--Ryan
Ryan Cross
James Cross Construction Services
Project Management Software