Authorization using Basic Authentication
2 views
Skip to first unread message
adrian
Apr 22, 2009, 10:52:01 AM4/22/09
to Django REST interface
I think this project is great and will fit well with the api we're
trying to provide with our app.
One thing I haven't been able to figure out is how to handle
authorization using the basic authentication. Certain users have
access to api functionality that other users don't have so it is
critical that we're able to determine which user is authenticating
with the api.
But when I authenticate with user 'Adrian' I expect that request.user
would be set to 'Adrian', instead it is set to AnonymousUser. Is this
the intended design or am I doing something wrong?
Anyone have suggestions on how I might add the user account to the
request?
Thanks.
trying to provide with our app.
One thing I haven't been able to figure out is how to handle
authorization using the basic authentication. Certain users have
access to api functionality that other users don't have so it is
critical that we're able to determine which user is authenticating
with the api.
But when I authenticate with user 'Adrian' I expect that request.user
would be set to 'Adrian', instead it is set to AnonymousUser. Is this
the intended design or am I doing something wrong?
Anyone have suggestions on how I might add the user account to the
request?
Thanks.
max
May 25, 2009, 8:16:00 PM5/25/09
to Django REST interface
Hey Adrian, what you want to do is something like this (in urls.py):
match_resource = Collection(
queryset = Match.objects.all(),
permitted_methods = ('GET', 'DELETE'),
responder = JSONResponder(),
authentication = HttpBasicAuthentication
(authfunc=client_http_basic_auth)
)
this lets you do HttpBasicAuthentication. What I did is I wrote my
own "authfunc" called client_http_basic_auth that basically compares
the username and password to my application-specific user table
(Rather than the django one). I ripped the password hashing stuff
from the user create stuff from the admin package (set_password,
check_password, get_hexdigest, etc).
This is nice because you can do Http auth based on a database rather
than a file in apache.
Does that help?
match_resource = Collection(
queryset = Match.objects.all(),
permitted_methods = ('GET', 'DELETE'),
responder = JSONResponder(),
authentication = HttpBasicAuthentication
(authfunc=client_http_basic_auth)
)
this lets you do HttpBasicAuthentication. What I did is I wrote my
own "authfunc" called client_http_basic_auth that basically compares
the username and password to my application-specific user table
(Rather than the django one). I ripped the password hashing stuff
from the user create stuff from the admin package (set_password,
check_password, get_hexdigest, etc).
This is nice because you can do Http auth based on a database rather
than a file in apache.
Does that help?
Reply all
Reply to author
Forward
0 new messages