I'm writing a web application for a closed user group. It will be served via HTTPS only. The server should check if the user is allowed to access the server by checking the user's SSL certificate. I would prefer to just have a whitelist (e.g. a field with the user's cert in the user profile), rather than signing their keys with my CA. As there would be no user/pass, content will depend on which certificate was provided by the client.
I know that I can just supply a list of their certs to Apache/nginx, but I don't like this solution because I would need to keep this list in two places: Apache (access/deny) and the Django auth middleware (content depends on which cert was provided). Maintaining this could be a nightmare.
Is there a nicer way of doing this? Should I let Django handle the SSL?
I have created a Django module for this; the implementation is available under the MIT license on GitHub. Basically, the approach is as follows:
User
model you are using.
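One way to keep the whitelist in a single place, as an added example that is not the code of the module mentioned in the answer: the proxy accepts any client certificate and forwards it, and the Django side maps its SHA-256 fingerprint to a user. Assumptions: nginx with `ssl_verify_client optional_no_ca` forwarding `$ssl_client_escaped_cert` in a header whose name, like the function names and the dict standing in for the profile field, is hypothetical.

```python
import hashlib
import ssl
from urllib.parse import quote, unquote

# Assumed setup (not from the page): nginx terminates TLS with
#   ssl_verify_client optional_no_ca;
#   proxy_set_header X-SSL-Client-Cert $ssl_client_escaped_cert;
# The header name is hypothetical. Django exposes it under this META key.
CERT_META_KEY = "HTTP_X_SSL_CLIENT_CERT"


def fingerprint_from_header(escaped_pem):
    """SHA-256 hex digest of the DER certificate, or None if absent/malformed."""
    if not escaped_pem:
        return None
    # unquote, not unquote_plus: a literal '+' is valid base64 and must survive.
    pem = unquote(escaped_pem).strip()
    try:
        der = ssl.PEM_cert_to_DER_cert(pem)
    except ValueError:  # wrong PEM framing or invalid base64
        return None
    return hashlib.sha256(der).hexdigest() if der else None


def user_for_request(meta, whitelist):
    """Map request.META to a username through the fingerprint whitelist.

    `whitelist` stands in for a unique, indexed fingerprint column on the
    user profile (hypothetical field); a miss means the request is anonymous.
    """
    fingerprint = fingerprint_from_header(meta.get(CERT_META_KEY))
    if fingerprint is None:
        return None
    return whitelist.get(fingerprint)


# Constructed sample: placeholder bytes in PEM framing, not a real certificate.
SAMPLE_DER = b"constructed placeholder bytes standing in for a DER certificate"
SAMPLE_HEADER = quote(ssl.DER_cert_to_PEM_cert(SAMPLE_DER))
SAMPLE_WHITELIST = {hashlib.sha256(SAMPLE_DER).hexdigest(): "alice"}

if __name__ == "__main__":
    print(user_for_request({CERT_META_KEY: SAMPLE_HEADER}, SAMPLE_WHITELIST))
    print(user_for_request({}, SAMPLE_WHITELIST))
```

The forwarded header is only trustworthy if the application is reachable solely through the proxy and the proxy sets that header on every request, so a client-supplied copy never reaches Django.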