Password Protected Directories
When a user enters a password-protected URL, IGV prompts for a user name and password. If the username/password combination is incorrect, IGV will continue to ask the user to authenticate until the combination is entered correctly or the user clicks Cancel.
Verification and Examples
There is an example site so that users can test the password protection feature. Click http://www.broadinstitute.org/igvdata/private/. IGV should prompt for a username and password. Enter:
After verifying that server connection and authentication, user can try the following example files in IGV by clicking File>Load from URL:
Setting Up a Password-protected Site
There are many ways to set up a password-protected site. The following describes one method of handling this on an Apache server.
The Apache HTTP Server is a commonly used web server; it is, for example, in use at the Broad Institute. Setting up a password requires:
The Access File (.htaccess) is located in the restricted directory. It should contain the following information:
The first line should contain the path to the Password File.
The Password File (.htpasswd) should be placed in a directory that is accessible internally, not through the web. This is can be the home directory, but it must be a location that is not externally visible. An example password file might look like this:
The file contains the usernames and passwords for all authenticated users, with one user per line. In the example line, the username is "user1" and the password is "kJx1GPxWtLet2," which is an encrypted password representing the human-readable word, "password."
To make the authentication lines, users can contact IT staff or use one of several websites that help generate them. The one used for this line was http://www.kxs.net/support/htaccess_pw.html. This website provides a string that can be used in the .htpasswd file.
To test use a web browser to access a file in the password-protected directory URL. You should be prompted for a username and password.