Securing Omniscope files over the web

Omniscope files can use the Internet to determine who should be able to open them

The Server Permissioning file security option in Omniscope allows you to save an IOK file with a URL pointing to a web server which will be used to authenticate users who try to open the Omniscope file, however they obtained it. This option can be used with Omniscope files saved to shared network folders accessible to a wider group, or to files shared via folder synchronisation services, like DropBox, or files downloaded from external web sites and perhaps forwarded.

Requirements

• Omniscope files to be secured must be 'owned' by an Omniscope Server Edition or higher, which is used to save the file
• HTTP authentication must already running on the web server selected to authenticate the file against
• If the identities/authorities to be applied are governed by a Directory service, like Active Directory or LDAP, the web server must be federated
• If you intend to use HTTPS connections, you must used signed and valid certificates
• Obviously, the person trying to access the Omniscope file needs to be online 

Note: In general Omniscope files will work offline, but not if they require Server Permissioning authentication before openning 

Example assuming Apache web server used to authenticate

The example below describes how to set up basic Omniscope file authentication assuming the web server being used to authenticate against is running Apache. However, Server Permissioning will work with any other HTTP/HTTPS authentication server. 

Step 1: Creating authentication directory

In your main website root directory create a new folder which can be named anything i.e. test. This new folder should be accessible from the web in the following format:

http://<domain name>/<folder name>

or

https://<domain name>/<folder name>

Where <domain name> should be replaced with the actual domain name e.g. 'www.visokio.com' and <folder name> with the name of the folder created above i.e. authentication. The final URL should look like http://www.visokio.com/authentication or https://www.visokio.com/authentication

Once the URL above is working, create an index.html/index.jsp/index.php relevant page which is just a welcome message e.g. "You have successfully logged in from Omniscope" in the folder created above. This page is shown to the user once they have successfully logged in through Omniscope and the file will then open. 

Step 2: Creating HTTP password

The next step is to create HTTP authentication to determine which users are allowed to access to this location. First you need to create the password file with the usernames and passwords using Apache htpasswd.exe. For further information please refer to http://httpd.apache.org/docs/2.0/programs/htpasswd.html

Step 3: Creating .htaccess file

Once you have created the HTTP password file the next step is to create the .htaccess file. Create a new file called '.htaccess' in the folder created in Step 1. Open the file in Notepad and enter the authentication information please refer to Apache docs for further information. For example:

AuthType Basic
AuthName "My test"
AuthUserFile "C:\Apache\htPasswdFile"
Require user test

Helpful information: 

AuthType: The type of authentication
AuthName: This name is shown when asking for user credentials
AuthUserFile: Is the full path to the http password file.
Require user: This can be either 'valid-user' or certain user names from the htpasswd file. Please consult apache document for further information.