Jump to content


From mediawiki.org
MediaWiki extensions manual
Release status: stable
Implementation User identity , User rights , Hook
Description Allows to automatically authenticate users coming from certain network addresses
Author(s) Olaf Lenz (Olenztalk)
Latest version 2.1.2 (2020-03-17)
MediaWiki 1.35+
Database changes No
License GNU General Public License 2.0 or later
  • $wgNetworkAuthUsers
  • $wgNetworkAuthSpecialUsers
Quarterly downloads 4 (Ranked 132nd)
Translate the NetworkAuth extension if it is available at translatewiki.net
Issues Open tasks · Report a bug

The NetworkAuth extension is intended to bind particular network addresses to specific users. When the wiki is accessed from a specific network address, they will be automatically logged in with the specified user name. When a wiki is configured not to allow anonymous read and/or write access, the extension can be used to grant read and write access for users from particular network addresses (e.g. from the intranet of a company).


  • Download and move the extracted NetworkAuth folder to your extensions/ directory.
    Developers and code contributors should install the extension from Git instead, using:cd extensions/
    git clone https://gerrit.wikimedia.org/r/mediawiki/extensions/NetworkAuth
  • Add the following code at the bottom of your LocalSettings.php file:
    wfLoadExtension( 'NetworkAuth' );
  • Configure as described in this section.
  • Yes Done – Navigate to Special:Version on your wiki to verify that the extension is successfully installed.


To configure the extension, set the configuration parameter $wgNetworkAuthUsers in LocalSettings.php, and optionally the configuration parameter $wgNetWorkAuthSpecialUsers.

Basic configuration[edit]

The configuration parameter $wgNetworkAuthUsers is an array that can contain one or several arrays to configure what user is logged in when a wiki page is loaded from a specific network address. NetworkAuth only becomes active when a user is not logged in already. When NetworkAuth detects an attempt to load a page by an anonymous user, it will check whether the source IP address of the request is matched by any of the records in $wgNetworkAuthUsers. If it is, it will log in the specified user.

The username defined in the configuration must be for a user that already exists in MediaWiki.

require_once "$IP/extensions/NetworkAuth/NetworkAuth.php";

# Log-in unlogged users from these networks
$wgNetworkAuthUsers[] = [
	'iprange' => [ '',
	               '' ],
	'user'    => 'NetworkAuthUser',

# Log-in unlogged users when IP matches this regular expression
$wgNetworkAuthUsers[] = [
	'ippattern' => '/10\.1\.10\..*/',
	'user'      => 'NetworkAuthUser',

# Log-in unlogged users when IP’s reverse DNS lookup matches this domain
$wgNetworkAuthUsers[] = [
	'hostpattern' => '/.*\.domain\.example\.com/i',
	'user'        => 'AdminComputer',

# To use the contents of the page MediaWiki:Networkauth-ips
# (Where the page is formatted as a '*' followed by either an IP or range)
$wgNetworkAuthUsers[] = [
	'ipmsg' => 'networkauth-ips',
	'user'  => 'Foo',

Optional configuration[edit]

Personal header when connected with a user configured in $wgNetWorkAuthSpecialUsers

It might be a good idea not to use NetworkAuth to log in a normal user account, but a special user account instead that exists exclusively for this purpose (e.g. "NetworkAuthUser"). In that case, one can add this account to the configuration parameter $wgNetWorkAuthSpecialUsers. Users in this list do not get the normal list of Personal Urls. Instead, the PersonalUrls show:

  • that the user is logged via the NetworkAuth extension
  • the IP address of the user
  • a link to log out
  • a link to log in
$wgNetworkAuthSpecialUsers[] = 'NetworkAuthUser';