Password Protected Directories

Overview

When a user enters a password-protected URL, IGV prompts for a user name and password. If the username/password combination is incorrect, IGV will continue to ask the user to authenticate until the combination is entered correctly or the user clicks Cancel.

Verification and Examples

There is an example site so that users can test the password protection feature. Click http://www.broadinstitute.org/igvdata/private/.  IGV should prompt for a username and password.  Enter:

username: guest
password: password

After verifying the server connection and authentication, users can try the following example files in IGV by clicking File > Load from URL:

  • http://www.broadinstitute.org/igvdata/private/SignalK562H3k36me3.tdf
  • http://www.broadinstitute.org/igvdata/private/cpgIslands.hg18.bed
  • http://www.broadinstitute.org/igvdata/private/snp130.bedz
  • http://www.broadinstitute.org/igvdata/private/snp130.bedz.sai

Setting Up a Password-protected Site

There are many ways to set up a password-protected site.  The following describes one method of handling this on an Apache server.

Apache

The Apache HTTP Server is a commonly used web server; it is, for example, in use at the Broad Institute. Setting up a password requires:

  • an Access File
  • a Password File

The Access File (.htaccess) is located in the restricted directory.  It should contain the following information:

AuthUserFile /home/[path]/.htpasswd
AuthName "Private IGV Folder"
AuthType Basic
Require valid-user

The first line should contain the path to the Password File.

The Password File (.htpasswd) should be placed in a directory that is accessible internally, not through the web. This can be the home directory, but it must be a location that is not externally visible. An example password file might look like this:

user1:kJs1GPxWtLet2

The file contains the usernames and passwords for all authenticated users, with one user per line. In the example line, the username is "user1" and the password field is "kJs1GPxWtLet2", which is the encrypted (hashed) form of the human-readable word "password".

To make the authentication lines, users can contact IT staff or use one of several websites that help generate them.  The one used for this line was http://www.kxs.net/support/htaccess_pw.html. This website provides a string that can be used in the .htpasswd file.

To test, use a web browser to access a file in the password-protected directory. You should be prompted for a username and password.
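A check for the Access File and Password File described above, added here as an example (it is not IGV or Broad Institute code): it parses the .htaccess directives, confirms that the AuthUserFile path lies outside the web root, and reports the hash scheme of each .htpasswd entry. The web root /srv/www/igvdata, the file paths and the user2 line are constructed for illustration; the user1 line is the example line from this page.

```python
import re
from pathlib import PurePosixPath

# Hash prefixes Apache documents for .htpasswd entries, mapped to a scheme name.
PREFIXES = {"$2y$": "bcrypt", "$apr1$": "apr1-md5", "{SHA}": "sha1-unsalted"}
WEAK = {"crypt", "sha1-unsalted", "unknown"}

def parse_htaccess(text):
    """Map each directive name (lower-cased) to its argument string."""
    directives = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if parts and not parts[0].startswith("#"):
            directives[parts[0].lower()] = parts[1].strip('"') if len(parts) > 1 else ""
    return directives

def hash_scheme(value):
    for prefix, name in PREFIXES.items():
        if value.startswith(prefix):
            return name
    # 13 characters of [./0-9A-Za-z] with no prefix is the layout of crypt()
    return "crypt" if re.fullmatch(r"[./0-9A-Za-z]{13}", value) else "unknown"

def audit(htaccess, htpasswd, docroot):
    """Return findings for an access file / password file pair (lexical path check)."""
    findings = []
    d = parse_htaccess(htaccess)
    if "require" not in d:
        findings.append("no Require directive: directory is not restricted")
    pw = PurePosixPath(d.get("authuserfile", ""))
    if not pw.is_absolute():
        findings.append("AuthUserFile missing or relative (resolved against ServerRoot)")
    elif PurePosixPath(docroot) in pw.parents:
        findings.append(f"{pw} is inside the web root {docroot}")
    for n, raw in enumerate(htpasswd.splitlines(), 1):
        user, sep, value = raw.strip().partition(":")
        if raw.strip() and not (user and sep and value):
            findings.append(f"line {n}: not in user:hash form")
        elif value and hash_scheme(value) in WEAK:
            findings.append(f"line {n}: {user} uses {hash_scheme(value)} hashing")
    return findings

# Constructed sample: hypothetical web root and paths; user1 is the page's example line.
DOCROOT = "/srv/www/igvdata"
HTACCESS = 'AuthUserFile /srv/www/igvdata/private/.htpasswd\nAuthName "Private IGV Folder"\nAuthType Basic\nRequire valid-user\n'
HTPASSWD = "user1:kJs1GPxWtLet2\nuser2:$apr1$constructed$placeholder.not.a.real.hash\n"

if __name__ == "__main__":
    print("\n".join(audit(HTACCESS, HTPASSWD, DOCROOT)))
```

On the constructed sample, the audit reports that the password file sits inside the web root and that the user1 entry uses the legacy crypt layout.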