I am stuck trying to get a python based webserver to work.
I want to do Basic Authentication (sending a 401 header) and authenticating against a list of users. I have no trouble sending the 401 response with "WWW-Authorize" header, I can validate the users response (base64 encoded username & password), however, the login box keeps popping up after successful validation.
import SimpleHTTPServer
import SocketServer
from BaseHTTPServer import BaseHTTPRequestHandler, HTTPServer
class Handler(BaseHTTPRequestHandler):
''' Main class to present webpages and authentication. '''
def do_HEAD(self):
print "send header"
self.send_response(401)
self.send_header('WWW-Authenticate', 'Basic realm=\"Test\"')
self.send_header('Content-type', 'text/html')
self.end_headers()
def do_GET(self):
''' Present frontpage with user authentication. '''
self.do_HEAD()
if self.headers.getheader('Authorization') == None:
self.wfile.write('no auth header received')
pass
elif self.headers.getheader('Authorization') == 'Basic dGVzdDp0ZXN0':
self.wfile.write(self.headers.getheader('Authorization'))
self.wfile.write('authenticated!')
pass
else:
self.wfile.write(self.headers.getheader('Authorization'))
self.wfile.write('not authenticated')
pass
httpd = SocketServer.TCPServer(("", 10001), Handler)
httpd.serve_forever()
if __name__ == '__main__':
main()
On first load (http://localhost:10001) the loginbox pops up, I enter test, test (the correct user) user is validated ok, but box pops back up, if I click cancel, I get to the validated page...
Can anyone lend a hand here? I suspect it has something to do with the fact that authorization happens under do_GET, which is triggered everytime a page loads.
To achieve this authentication, typically one provides authentication data through Authorization header or a custom header defined by server. Replace “user” and “pass” with your username and password. It will authenticate the request and return a response 200 or else it will return error 403.
In IIS Manager, go to Features View, select Authentication, and enable Basic authentication. In your Web API project, add the [Authorize] attribute for any controller actions that need authentication. A client authenticates itself by setting the Authorization header in the request.
Try this for size:
import SimpleHTTPServer
import SocketServer
from BaseHTTPServer import BaseHTTPRequestHandler, HTTPServer
class Handler(BaseHTTPRequestHandler):
''' Main class to present webpages and authentication. '''
def do_HEAD(self):
print "send header"
self.send_response(200)
self.send_header('Content-type', 'text/html')
self.end_headers()
def do_AUTHHEAD(self):
print "send header"
self.send_response(401)
self.send_header('WWW-Authenticate', 'Basic realm=\"Test\"')
self.send_header('Content-type', 'text/html')
self.end_headers()
def do_GET(self):
''' Present frontpage with user authentication. '''
if self.headers.getheader('Authorization') == None:
self.do_AUTHHEAD()
self.wfile.write('no auth header received')
pass
elif self.headers.getheader('Authorization') == 'Basic dGVzdDp0ZXN0':
self.do_HEAD()
self.wfile.write(self.headers.getheader('Authorization'))
self.wfile.write('authenticated!')
pass
else:
self.do_AUTHHEAD()
self.wfile.write(self.headers.getheader('Authorization'))
self.wfile.write('not authenticated')
pass
httpd = SocketServer.TCPServer(("", 10001), Handler)
httpd.serve_forever()
if __name__ == '__main__':
main()
That's because you are unconditionally sending 401 and WWW-Authenticate
header in response. You only need to do this when there are no acceptable authentication credentials in request. If you are satisfied with request, send 200 (or whatever appropriate) and do not request authentication again.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With