Passing apache2 digest authentication information to a wsgi script run by mod_wsgi

Question

I've got the directive

<VirtualHost *>
    <Location />
        AuthType Digest
        AuthName "global"
        AuthDigestDomain /
        AuthUserFile /root/apache_users
        <Limit GET>
            Require valid-user
        </Limit>
    </Location>
    WSGIScriptAlias / /some/script.wsgi
    WSGIDaemonProcess mywsgi user=someuser group=somegroup processes=2 threads=25
    WSGIProcessGroup mywsgi
    ServerName some.example.org
</VirtualHost>

I'd like to know in the /some/script.wsgi

def application(environ, start_response):
    start_response('200 OK', [
        ('Content-Type', 'text/plain'),
    ])
    return ['Hello']

What user is logged in.

How do I do that?

Answer 1

add WSGIPassAuthorization On:

<VirtualHost *>
    <Location />
        AuthType Digest
        AuthName "global"
        AuthDigestDomain /
        AuthUserFile /root/apache_users
        <Limit GET>
            Require valid-user
        </Limit>
    </Location>
    WSGIPassAuthorization On
    WSGIScriptAlias / /some/script.wsgi
    WSGIDaemonProcess mywsgi user=someuser group=somegroup processes=2 threads=25
    WSGIProcessGroup mywsgi
    ServerName some.example.org
</VirtualHost>

Then just read environ['REMOTE_USER']:

def application(environ, start_response):
    start_response('200 OK', [
        ('Content-Type', 'text/plain'),
    ])
    return ['Hello %s' % environ['REMOTE_USER']]

More information at mod_wsgi documentation.

Answer 2

Additional information about Apache/mod_wsgi and access, authentication and authorization mechanisms can be found in:

http://code.google.com/p/modwsgi/wiki/AccessControlMechanisms

The information isn't passed by default because doing so could leak password information to applications which maybe shouldn't get it.