I am trying to get the information about the user who is accessing the website for user authentication and for some other purpose also. After looking at official documentation of Django I got this article but still when I am trying to access request.META["REMOTE_USER"] I am getting the error because no key exists. After some tweaks when I tried again I was getting the username of my PC even if I tried to access my website from another PC on from the same network.
I am using Django's lightweight server for testing, hosted on my PC and trying and access the website from another PC on the same network.
Please help and try to resolve this issue.
From your documentation link:
This type of authentication solution is typically seen on intranet sites, with single sign-on solutions such as IIS and Integrated Windows Authentication or Apache and mod_authnz_ldap, CAS, Cosign, WebAuth, mod_auth_sspi, etc.
When the Web server takes care of authentication it typically sets the REMOTE_USER environment variable for use in the underlying application.
So, you have to configure your web server to set REMOTE_USER to use that. You don't give a lot of context in your question, but are you sure this is what you're after? Otherwise, I'd recommend starting here:
https://docs.djangoproject.com/en/3.0/topics/auth/
Related
I created a Flask-Webservice with Python that runs independently inside a docker container. I then uploaded the docker image to an Azure Container Registry. From there I can create a WebService (for Containers) with some few clicks in the Azure Portal, that runs this container. So far so good. It behaves just as I want it to.
But of course I don't want anyone to access the service. So I need some kind if authentication. Luckily (or so I thought) there is a built-in authentication-mechanism (I think it is based on OAuth ... I am not that well versed in security issues). Its documentation is a bit sparse on what actually happens and also concentrates on solutions in C#.
I first created a project with Google as described here and then configured the WebApp-Authentication with the Client-Id and Secret. I of course gave Google a java script source and callback-url, too.
When I now log off my Google account and try a GET-Request to my Webservice in the Browser (the GET should just return a "hello world"-String), I am greeted with a Login Screen ... just as I expected.
When I now login to Google again, I am redirected to the callback-url in the browser with some kind of information in the parameters.
a token perhaps? It looks something like this:
https://myapp.azurewebsites.net/.auth/login/google/callback?state=redirxxx&code=xxx&authuser=xxx&session_state=xxx&prompt=xxx).
Here something goes wrong, because an error appears.
An error occurred.
Sorry, the page you are looking for is currently unavailable.
Please try again later.
If you are the system administrator of this resource then you should check the error log for details.
Faithfully yours, nginx.
As far as I now, nginx is a server software that hosts my code. I can imagine that it also should handle the authentication process. It obviously lets all requests through to my code when authentication is turned off, but blocks un-authenticated accesses otherwise and redirects to the google login. Google then checks if your account is authorized for the application and redirects you to the callback with the access token along with it. This then returns a cookie which should grant my browser access to the app. (I am just reproducing the documentation here).
So my question is: What goes wrong. Does my Browser not accept the cookie. Did I something wrong when configuring Google+ or the Authentication in the WebApp. Do I have to use a certain development stack to use the authentication. Is it not supported for any of the technologies I use (Python, Flask...).
EDIT
#miknik:
In Microsofts documentation of the authentication/authorization it says
The authentication and authorization module runs in the same sandbox
as your application code. When it's enabled, every incoming HTTP
request passes through it before being handled by your application
code.
...
The module runs separately from your application code and is
configured using app settings. No SDKs, specific languages, or changes
to your application code are required.
So while you are probably right that the information in the callback-redirect is the authorization grant/code and that after that this code should now be used to get an access token from Google, I don't quite understand how this would work in my situation.
As far as I can see it Microsofts WebApp for Container-Resource on Azure should take care of getting the token automatically and return it as part of the response to the callback-request. The documentation states 4 steps:
Sign user in: Redirects client to /.auth/login/.
Post-authentication: Provider redirects client to /.auth/login//callback.
Establish authenticated session: App Service adds authenticated cookie to response.
Serve authenticated content: Client includes authentication cookie in subsequent requests (automatically handled by browser).
It seems to me that step 2 fails and that that would be exactly what you wrote: that the authorization grant is to be used by the server to get the access token but isn't.
But I also don't have any control over that. Perhaps someone could clear things up by correcting me on some other things:
First I can't quite figure out which parts of my problem represent which role in the OAuth-scheme.
I think I am the Owner, and by adding users to the list in the Google+-Project I authorize them to use my service.
Google is obviously the authorization server
my WebService (or better yet my WebApp for Containers) is the resource server
and finally an application or postman that does the requests is the Client
In the descriptions of OAuth I read the problematic step boils down to: the resource server gets the access token from the authorization server and passes it along to the client. And Azures WebApps Resource is prompted (and enabled) to do so by being called with the callback-url. Am I right somewhere in this?
Alas, I agree that I don't quite understand the whole protocol. But I find most descriptions on the net less than helpful because they are not specific to Azure. If anyone knows a good explanation, general or Azure-specific, please make a comment.
I found a way to make it work and I try to explain what went wrong as good as I can. Please correct me if I go wrong or use the wrong words.
As I suspected the problem wasn't so much that I didn't understand OAuth (or at least how Azure manages it) but the inner workings of the Azure WebApp Service (plus some bad programming on my part). Azure runs an own Server and is not using the built-in server of flask. The actual problem was that my flask-program didn't implement a WSGI-Interface. As I could gather this is another standard for python scripts to interact with any server. So while rudimentary calls from the server (I think Azure uses nginx) were possible, more elaborate calls, like the redirect to the callback url went to dev/null.
I build a new app following this tutorial and then secured it by following the authentication/authorization-tutorial and everything worked fine. The code in the tutorial implements WSGI and is probably more conform to what Azure expects. My docker solution was too simple.
My conclusion: read up on this WSGI-standard that flask always warned me about and I didn't listen and implement it in any code that goes beyond fiddeling around in development.
I am new-ish to using Django, so this may be an easy thing for someone...I hope so!
I have built a Django REST API by following the tutorial found here: http://www.django-rest-framework.org/. When I run the server, I am able to use the Browsable API and navigate through the API, such as specifically this link: http://127.0.0.1:8000/snippets/. I am also able to access this URL through Postman GET request and retrieve the associated Snippets.
Now, here is my problem:
I have created a React Native application where I am fetching data from this URL (my python server is running). I console.log the response from this, and I continually get an error of:
Error: Network Error
at createError (createError.js:15)
at XMLHttpRequest.handleError (xhr.js:87)
at XMLHttpRequest.dispatchEvent (event-target.js:172)
at XMLHttpRequest.setReadyState (XMLHttpRequest.js:478)
at XMLHttpRequest.__didCompleteResponse (XMLHttpRequest.js:324)
at XMLHttpRequest.js:418
at RCTDeviceEventEmitter.emit (EventEmitter.js:179)
at MessageQueue.__callFunction (MessageQueue.js:236)
at MessageQueue.js:108
at guard (MessageQueue.js:46)
I can refresh the link in the browser or Postman and have no issues, but in the fetch...I am unable to have any success, and am only getting back the vague error message above.
I thought it might have to be with a CSRF, or CORS...but I have both of those set-up ok in Django (and the error message doesn't say those so I don't think that is it).
Any suggestions/ideas?
Thanks!
Not that anyone could have specifically known this from my posting...but I would like to post this answer regardless for someone who may have had this same issue.
I have been developing the React Native application via Expo, and deploying it to my physical phone rather than the iOS/Android simulators.
This being the case, clearly my http://127.0.0.1:8000 or http://localhost:etc would not work from my phone! I then switched to using the iOS Simulator and it worked the first try without problem.
We've decided not to use SSL anymore and unfortunately our server guy has quit and now I need to fix this. I've revoked the certs from Comodo, removed the SSL app from Heroku but that was apparently not enough and now we have serious problems with our site.
When visiting inteokej.nu one gets redirected to the app, but automatically http turns to https and instead of showing the domain (inteokej.nu) the app link is shown https://inteokej.herokuapp.com (I want inteokej.nu to be shown, not the actual app link).
That is a problem but not the biggest problem, which is that it's not possible to use the site anymore (e.g login, the static pages works though). When I try to login I first get a https security error and when I proceed I get to the following page: https://www.inteokej.nu/cgi-sys/defaultwebpage.cgi ("Sorry! If you are the owner of this website, please contact your hosting provider: webmaster#inteokej.nu").
I've now learned the hard way that SSL is a complex thing but I really need to get this site up again as soon as possible. So, where should I start and how could I proceed from this point? I guess there's some back end coding that should be done in the django code as well?
Thanks a lot in advance!
Your issue doesn't seem to be with SSL but DNS or at least however your server guy set things up.
The error page you're seeing isn't a Heroku error, inteokej.nu isn't being hosted on Heroku but on a server run by your DNS provider svenskadomaner.se .
If you use the Firefox Live HTTP Headers plugin you can follow the request/response cycle and you'll see that there is a 301 redirect from www.inteokej.nu to inteokej.herokuapp.com (probably an .htaccess redirect).
Check the DNS records for your domain (like here http://viewdns.info/dnsrecord/?domain=inteokej.nu ) you'll see that there is no CNAME record to Heroku, only an A Record to 46.22.116.5 which is an IP Address owned by svenskadomaner.se.
So the thing to do is to set up the custom domain as recommended on Heroku's site:
https://devcenter.heroku.com/articles/custom-domains
and set the CNAME to Heroku's recommendation.
One reason your server guy might have set things up like they did is that Heroku doesn't easily allow "naked domains", so people often do .htaccess redirects from example.com to www.example (which does work easily with CNAMEs).
Good luck!
I'm sure this question is easily googleable, but I can't seem to find the right query to find the answer I want.
I'm running several apps on my home server that all serve their own website for admin and info purposes. Currently I access them all from the internet using http://MyHouseServerAddress.com:8080 etc. Where 8080 is replaced with 8081, 8082 etc. for each app. They all have their own usernames and passwords and some of them use SSL
What I want is to have a single access point, e.g. http://MyHouseServerAddress.com which gives me access to each app. Each app will have a link on that page which will take you to that app's website as if it were just a page on the main site. However... I want the single access point to be password protected and SSL'd, BUT I want to remove the passwords from all the apps as they would be accessed through the single "portal" of the initial page which is password protected and SSL'd. I.e. each app would still serve on it's original port, but that port would no longer be accessible via the internet, instead any traffic from that port would be routed through the single access point.
What I'm trying to do it get a single password login, preferably via SSL to my home server which gives me access to all my other serving apps but also secures them all behind the single login.
Can this be done with a python script or a C# app for instance running some sort of proxy or port forward script? Or would running an Appache server that can redirect traffic through itself work? I'm happy to write code to solve the problem if needed.
I hope this makes sense!
I'm running W7 on my home server.
Thanks,
Max
This sounds very much like a portal with single sign-on. I haven't tried, but you might get away with implementing oauth on your sites and have the main site be the provider.
Other way would be to use soemthing like CAS.
Look at this question for options.
You can install Apache+PHP on port 80, install PHP Web Proxy on it, allow local access to your apps (so they allow access without password from localhost) and secure this gateway with .htaccess and .htpasswd, or another way.
This is most simple solution for home using. Good enterprise solution would be SSO, bad it is not simple.
I've tried to do it like they describe in the AppEngine docs but I can't get it to accept my upload. (I haven't tried to download.) I want to get it working in the development environment before I tried on the live site.
It's kind of confusing, because I don't know if I should be trying appcfg.py or bulkloader.py. (I mostly tried appcfg.py.) I think it's an authentication problem, as it keeps asking me for the email/password. (Even after I removed 'login: admin' from app.yaml.)
I did --dry_run and it seemed to work, so I think my stuff is well formed.
Before asking for specific debugging help, I thought I would ask if anyone knows of working sample code that I can download. I run OS X 10.6, if anyone cares. I'm not new to Python, and have a lot of web.py experience, so it's probably not unfamiliarity with the language that's tripping me up.
The docs have a section on uploading and downloading data, with examples. You should be using appcfg.py unless you need one of the features of bulkloader.py that are not yet integrated, such as --dump/--restore functionality.
It sounds like the authentication problems you're having are related to Google Apps: If you have an App Engine app that allows any Google account to authenticate, and you have a Google Apps account as administrator, you won't be able to authenticate against your app as an administrator with it, even if you have created a Google account for that email address. You need to create a gmail account, and add that account as an administrator, so you can use that address when you need to authenticate against your app.