One of my system components is using Basic HTTP Authorization ( http://en.wikipedia.org/wiki/Basic_access_authentication ) for login information. Another part of my system is running a Django application which uses the 'django.contrib.auth' app for authentication.
Would code like this work?
    def urlHandler(request):
        if request.user.is_authenticated():
            # ...
            pass
The urlHandler in this case would handle the request which has the Authorization: Basic dXNlcjpwYXNz header appended to its HTTP GET. Would the Django authorization backend integrate with this?
Obviously I tried the above code and it does not seem to work...
Is there a middleware that would work in this case?
Thanks
This has been asked and answered: Can I use HTTP Basic Authentication with Django?
(The answer is yes. See http://docs.djangoproject.com/en/dev/howto/auth-remote-user/ for details.)
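To make the header in the question concrete, here is an added example (not code from the question, the answer, or Django) that parses `Authorization: Basic ...` as Django exposes it in `request.META["HTTP_AUTHORIZATION"]` and rejects malformed values. `demo_authenticate` and `DEMO_USERS` are constructed stand-ins for `django.contrib.auth.authenticate` and its user store.

```python
import base64
import binascii
import hmac


def parse_basic_auth(header_value):
    """Return (username, password) from an Authorization header value, or None."""
    if not header_value:
        return None
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.lower() != "basic" or not token.strip():
        return None  # other schemes (Bearer, Token, ...) are not ours to handle
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None  # not valid base64, or not valid UTF-8 after decoding
    # Split on the first colon only: a password may itself contain ':'.
    username, sep, password = decoded.partition(":")
    if not sep or not username:
        return None
    return username, password


def user_from_request_meta(meta, authenticate):
    """meta: dict shaped like request.META; authenticate: callable returning a user or None."""
    creds = parse_basic_auth(meta.get("HTTP_AUTHORIZATION"))
    if creds is None:
        return None
    username, password = creds
    return authenticate(username=username, password=password)


# Constructed demo data; a real deployment checks hashed passwords via Django's backend.
DEMO_USERS = {"user": "pass"}


def demo_authenticate(username, password):
    expected = DEMO_USERS.get(username)
    if expected is None:
        return None
    # Constant-time comparison so the check does not leak how many bytes matched.
    ok = hmac.compare_digest(expected.encode(), password.encode())
    return username if ok else None
```

Basic credentials are only base64-encoded, not encrypted, so the endpoint that accepts them should be reachable over TLS only.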
Related
Has anyone encountered in DRF that a request from a React Native app in the iOS Simulator is always being denied because of the Authorization header?
Basically, it doesn't accept my authorization header even if it's correct, and it is working fine on an Android simulator and Insomnia.
I'm using a specific RetrieveAPIView for that, and the weird thing is I also have a ListAPIView that needs Authorization, but that one is working fine on requests from the iOS simulator. Hoping that someone could help me here.
The solution I've made so far is:
Enabling all server on my accepted Django CORS setting.
Editing Info.plist file that allows the app to run or request even in local domains.
Pointing to my domain which has a valid SSL certificate.
But none of the above is working. Thank you.
We are using the built-in django.contrib.auth to handle most of our users' log-ins/registrations.
However we also want to have basic HTTP Auth access to our app api so that we can access it via a command line interface project we are building.
The closest thing I found was this: https://djangosnippets.org/snippets/243/
But that is from all the way back in 2007 and there is nothing more recent. I was surprised not to see anything added to Django to resolve this issue. Is there a library that I may be missing?
My manager suggested I build some middleware to handle this, is this the best way?
I want to use both token- and session-based authentication in my application, with priority given to the token. I have created two portals with the same URL; one is using the session and the other is using the token. So when a session is available in the cookie, the token-based request fails with a "CSRF Token is missing" error message.
One solution I have in mind is using middleware where I can give priority to the token. If both are available in the request, the custom middleware will remove session-related stuff, keep only token-related information, and proceed.
If anyone has a solution for this problem, please post it as an answer.
Thanks in advance.
In my case I have written custom middleware to handle the situation.
1. When I log in using the API, the API path is /api/accounts/login. So when a request comes to this URL, I remove both sessionid and csrftoken.
2. When HTTP_AUTHORIZATION is available in the request, I remove the session and csrftoken.
With the above two removals, the situation can be handled in my case.
Thanks to everyone for helping!
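The cookie-stripping idea described in the answer above, sketched as a plain WSGI wrapper (an added example, not the poster's middleware). It assumes Django's default cookie names `sessionid` and `csrftoken`, and it assumes the API client sends a `Token` or `Bearer` scheme; `Basic` is deliberately left out because browsers resend cached Basic credentials on their own, so those requests should keep their CSRF checks.

```python
STRIP_COOKIES = {"sessionid", "csrftoken"}   # Django's default cookie names
NON_AMBIENT_SCHEMES = {"token", "bearer"}    # assumption: set explicitly by the API client


def filter_cookie_header(raw):
    """Drop session/CSRF cookies from a raw Cookie header, keep everything else."""
    kept = []
    for part in raw.split(";"):
        part = part.strip()
        name = part.split("=", 1)[0].strip()
        if part and name not in STRIP_COOKIES:
            kept.append(part)
    return "; ".join(kept)


def strip_session_cookies(environ):
    """Return the environ to pass on; the caller's dict is never mutated."""
    auth = environ.get("HTTP_AUTHORIZATION", "").strip()
    scheme = auth.split(" ", 1)[0].lower()
    if scheme not in NON_AMBIENT_SCHEMES:
        return environ  # cookie/session requests keep their CSRF protection
    cleaned = dict(environ)
    remaining = filter_cookie_header(environ.get("HTTP_COOKIE", ""))
    if remaining:
        cleaned["HTTP_COOKIE"] = remaining
    else:
        cleaned.pop("HTTP_COOKIE", None)
    return cleaned


class TokenFirstMiddleware:
    """WSGI wrapper, so it runs before any framework middleware reads the cookies."""

    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        return self.app(strip_session_cookies(environ), start_response)
```

Wrapping the WSGI application object (for Django, the object returned by `get_wsgi_application()`) applies this before the session and CSRF middleware run.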
Django middleware executes in order according to the MIDDLEWARE_CLASSES tuple.
You'll want to ensure your Token based authentication middleware is located after AuthenticationMiddleware in MIDDLEWARE_CLASSES.
The docs describe this approach in the context of RemoteUserMiddleware.
I am using the Django framework as backend support for a mobile app.
I chose to use Django's original views.py to get my API URL mapping and dump JSON for the response, rather than using other REST frameworks like Django REST Framework or Tastypie.
Now if I make a cross-domain HTTP request from my mobile client app, I will normally get a 403 Forbidden error because of Django's built-in CSRF protection. It seems like it can only work when I exempt it explicitly before each function in views.py. My question is, is it safe to exempt the protection? If exempting CSRF is not a good way to go, what suggestions do you have for my situation?
Thanks
I have an application that will use Flask and MongoDB; I will probably host it on Rackspace.
I need to understand how Flask authentication works. I have not found much information on the subject. Is there a complete tutorial on how to roll your own solution? If not, I certainly would like to hear some thoughts on how you would approach it for a Flask app.
Big PS:
I just thought about it. I also need to open a real API. A part of that API will be used for AJAX on the front end. How do I secure that part of the app?
Can anyone explain API auth requests?
I would suggest using the flask-login extension. It makes session management really easy to add to your Flask application, and provides nice documentation which covers in detail every aspect of the extension.
I don't think that Flask has any authentication built in, only support for tracking sessions.
Here are some snippets for basic HTTP authentication and authentication with some third-party providers. Otherwise you will need to roll your own or use a framework that has this baked in (like Django).
Here is a discussion thread on this topic with a useful link
Flask-Login doesn't, technically, do authentication - it does session management, leaving the (tricky to securely implement) authentication details to you. Something like Flask-Security actually implements both session management and authentication (also nice-to-haves like password recovery/reset and the like), at the cost of having to have explicit support for your database.