How to check if a script is behind WebAuth using the Stanford Web Application Toolkit

From Web Services Wiki

1 Problem
2 Solution
3 Discussion
- 3.1 What is WebAuth?
4 References

Problem

You want to check if a script is protected by WebAuth, or you'd like to make WebAuth mandatory for added security in case the .htaccess file is lost or corrupted.

Solution

Checking if a script is behind WebAuth

Use the method is_behind_webauth in StanfordAuthorization to check if a script is behind WebAuth.

// Include StanfordAuthorization
include_once("stanford.authorization.php");
 
// Initialize StanfordAuthorization
$auth = new StanfordAuthorization();
 
// Check if behind WebAuth
if($auth->is_behind_webauth() == true) {
  echo "This script is behind WebAuth";
}
else {
  echo "This script is NOT behind WebAuth";
}

Making WebAuth mandatory

Use the method require_webauth in StanfordAuthorization to make a script fail when it is not protected by WebAuth. To effectively use this function, save the code in a common file that is included on all secure pages. The function call should come before any sensitive information is displayed or processed.

// Include StanfordAuthorization
include_once("stanford.authorization.php");
 
// Initialize StanfordAuthorization
$auth = new StanfordAuthorization();
 
// Require WebAuth
$auth->require_webauth();

The code shown above will throw an exception and stop execution when the script is run outside of WebAuth. You should catch the exception and do more graceful error handling.

try {
 
  // Require WebAuth
  $auth->require_webauth();
 
}
catch(Exception $e) {
 
  // Script is not behind WebAuth - handle appropriately
 
  // Display a friendly message to the user and exit
  echo "<p>Sorry, you do not have access to this page.</p>";
  exit(0);
 
}

To check if the script requires WebAuth, which is determined by whether require_webauth has been called or not, use the function requires_webauth.

// Check if script requires WebAuth
if($auth->requires_webauth() == true) {
  // Do something
}

Calling StanfordAuthorization from within StanfordApp

If you're using StanfordApp, it is not necessary to create a new StanfordAuthorization instance. Simply call is_behind_webauth, require_webauth, or requires_webauth from StanfordApp.

// Create a new StanfordApp
$app = new StanfordApp();
 
// Check if app is behind WebAuth
$app->is_behind_webauth();
 
// Make app require WebAuth
$app->require_webauth();
 
// Check if WebAuth is required
$app->requires_webauth();

Discussion

What is WebAuth?

WebAuth is the web authentication system used at Stanford. It allows users to log into different web applications on the stanford.edu domain using their already established SUNetID. Read more about WebAuth on IT Services.