I would like to use smart card based authentication on the Django development server, as it is the universally accepted means of authentication where I live.
With Apache I can enable it by creating a .htaccess file in the directory that requires authentication:
SSLVerifyClient require
SSLVerifyDepth 2
And in the virtual host:
<Directory /var/www/www/secure>
    Options Indexes FollowSymLinks MultiViews
    AllowOverride AuthConfig Options
    Order allow,deny
    allow from all
</Directory>
And by referring to the certificates and revocation lists like this:
SSLCACertificateFile /etc/apache2/certificate.crt
SSLCARevocationPath /etc/apache2/crl
It's quite annoying not having this functionality for testing and development purposes in Django. Any ideas on how to set it up?
Edit: thanks for your answer, Martin, but it has not really gotten me where I want yet. Anyway, I have now opened a bounty for someone to answer the question by providing a small piece of example code or more clarification on what to read or where to start.
Why don't you run your development environment with Apache? There is nothing Apache cannot do for you that the Django dev server can. You can actually set up automatic pickup of code changes, as it is very convenient for development purposes; you can read more about this here if you use WSGI: http://code.google.com/p/modwsgi/wiki/ReloadingSourceCode
This answer kind of piggybacks on Martin's answer. You could use something like Fabric http://docs.fabfile.org/0.9.4/ to automate setting up the dev environment Apache+WSGI.
Obviously this has some up-front time/cost to it, but after it is done you'll be able to set up as many environments as you want quickly and easily.
You could couple that with watcher http://www.splitbrain.org/blog/2011-01/07-watcher_a_recursive_incron_alternative to automatically touch your WSGI file and reload your environment every time you make a change.
SSL capabilities of the development server (or Python in general) are AFAIK quite mediocre. Maybe this has changed recently with newer Python and Django versions, but I doubt it.
You don't actually need the SSL authentication capabilities in the development server. The simplest would be mimicking Apache if you'll be deploying to Apache, with a custom WSGI middleware that would set the same variables (don't rely on mod_ssl certificate parsing; the easiest is to export the authenticated certificate to the environment and use that, for further OCSP or CRL checks for example) and would make your application behave just as if you were authenticated with a client certificate. This approach also allows you to run some tricky tests, like what happens if the user has characters like ÕÄÖÜŽŠ etc. in the name, by using mock certificates.
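The middleware approach from the answer above, as an added example that is not code from the original post: a development-only WSGI wrapper that sets the mod_ssl variables SSL_CLIENT_VERIFY, SSL_CLIENT_S_DN_CN and SSL_CLIENT_CERT. The class and function names, the `enabled` switch and the placeholder PEM are assumptions, as is the PEP 3333 style encoding of the non-ASCII name, which should be checked against the real Apache setup.

```python
# Constructed placeholder, not a real certificate; swap in a mock PEM
# generated for testing.
MOCK_PEM = (
    "-----BEGIN CERTIFICATE-----\n"
    "PLACEHOLDER-NOT-A-REAL-CERTIFICATE\n"
    "-----END CERTIFICATE-----\n"
)


def to_wsgi_str(text):
    """Carry non-ASCII text the PEP 3333 way: UTF-8 bytes read as ISO-8859-1."""
    return text.encode("utf-8").decode("iso-8859-1")


def from_wsgi_str(value):
    """Reverse of to_wsgi_str, for use inside the application."""
    return value.encode("iso-8859-1").decode("utf-8")


class MockClientCertMiddleware:
    """Development-only stand-in for mod_ssl client authentication."""

    def __init__(self, app, common_name, pem=MOCK_PEM, enabled=False):
        self.app = app
        self.enabled = enabled  # off by default: this fakes authentication
        self.injected = {
            "SSL_CLIENT_VERIFY": "SUCCESS",
            "SSL_CLIENT_S_DN_CN": to_wsgi_str(common_name),
            "SSL_CLIENT_CERT": pem,
        }

    def __call__(self, environ, start_response):
        if self.enabled:
            # Overwrite, so the application only ever sees the mock identity.
            environ.update(self.injected)
        return self.app(environ, start_response)


def whoami_app(environ, start_response):
    """Hypothetical application code that requires a verified client."""
    if environ.get("SSL_CLIENT_VERIFY") != "SUCCESS":
        start_response("403 Forbidden", [("Content-Type", "text/plain")])
        return [b"client certificate required"]
    name = from_wsgi_str(environ["SSL_CLIENT_S_DN_CN"])
    start_response("200 OK", [("Content-Type", "text/plain; charset=utf-8")])
    return [name.encode("utf-8")]
```

In Django, wrap the object returned by `get_wsgi_application()` and pass `enabled=settings.DEBUG`, so the mock identity is only active in a debug configuration.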