I am struggling to set up for authentication with apache and mod wsgi in Django.
I have a big question mark. It is fundamental question for me before beginning to use basic or digest authentication in apache really.
Why do you need basic or digest authentication in Django in the first place? Django has own authentication system. You can manage permissions with user and permission itself in Django.
I think there is a clear case that you need this apache authentication. I don't think people put effort to explains how to set up for using apache authentication with mod wsgi in Django manual if you don't need it at all.
In Django manual,
for example, you could:
1.Serve static/media files directly from Apache only to authenticated users.
2.Authenticate access to a Subversion repository against Django users with a certain permission.
3.Allow certain users to connect to a WebDAV share created with mod_dav.
Even after reading this setence and manual repeatly, I can't come up with some situation which need to select using apache authentication for the best option.
why do you need to use apache authentication in Django or in Which special situation do you need it?
Both apache and django authentication are different. First one is web server level and next is application level.
One thing, there will be some urls accessible both login and without login.This type of auth cannot be set in apache(from my knowledge).You can do it in inside django.
Related
I am building a web app with a Django backend and React/Redux frontend running on separate servers. I have begun to try and start working on authentication and I cannot find a tutorial that suits my needs. Every tutorial either uses deprecated modules like drf-jwt (as opposed to simple-jwt) or has a simple mono-server that houses both the backend and the frontend in one directory. The former is useless and I do not want to do the latter as I like having the two separate servers for when I move on to deployment. Now can someone direct me to a good source of knowledge for getting this done? It doesn't have to be a tutorial it can be anything. I am really lost and I do not know how to begin.
you can use 3rd party packages djoser: Provides a set of views to handle basic actions such as registration, login, logout, password reset and account activation. for more information: https://pypi.org/project/djoser/
I'm using token authentication from Django Rest Framework so, after a login/password verification, the token on response can be used on any DRF endpoint.
I'm trying to setup OpenWisp Django-IPAM with WebUI authentication via LDAP. We have an OpenLDAP server within our network and I am looking to use a simple LDAP lookup to check for a valid user object for login.
I see that the API's generics.py file has an authentication_classes section, which then contains SessionAuthentication and BasicAuthentication.
Is this the same mechanism that handles the authentication for the Web UI? Is there a way to configure OpenWisp Django-IPAM to use something like Django-Auth-LDAP for authentication when logging into the web interface?
the authentication of the web UI of OpenWISP Django-IPAM works like default authentication of other django projects. So to use LDAP authentication at the web UI, you simply need to edit your settings.py file to contain the setups as shown here.
Something like django-auth-ldap will help, but users will have to start a session by authenticating against the django authentication backends before being able to use the API (eg: login via the admin or provide another login view).
After a successful LDAP authentication using the method mentioned above, a new local user will be created, which maps the LDAP user.
I'm not sure if LDAP authentication requires a redirect to another application (like oauth2 or SAML) or if username and password are just redirected behind the scenes, in the latter case, BasicAuthentication should work, I just look at its code and it looks like it respect the standard django authentication framework, which supports multiple authentication backends (the LDAP backend is provided by the third party app suggested above).
A sidenote: we're moving the development of django-ipam to openwisp-ipam, It's mostly the same. I suggest you to upgrade.
we are developing an application using Angular2 as frontend and Django as a backend. A Django backend is already in place, while the Angular2 application is in development. We chose, for obvious reasons, to use Django REST as a way to communicate with the backend.
The application login and the backend login are done in two different pages but of course the login domain and the user base is the same. The two login are working properly by themselves, but we wanted to find a way to implement a transparent login (so an user can log into any of the two application and be recognized by the other one without re-logging).
The Angular frontend is currently using Token Authentication. The server does send the csfr and session cookie along with the token. Moving to the backend, the csfr cookie is preserved, while the session is not, so a new login is required (of course, backend and Angular frontend are on different subdomains but in the same domain, the cookies are set on the domain, with two dots: '.domain.com') .
Is it possible to do what we desire? Could someone help us find the proper way to do it?
We've done some research and found Django CAS, but it's not clear for us what's about and if it fits our use case.
Thank you very much
I have a Django installation with userena and django_facebook working pretty fine. Can I somewhat make my authentication work from another database (one database for authentication and another for everything else)? The problem is that the project I'm working on requires the same authentication across different Django installations on servers with one entire server for the databases. Should I make a database router that handles all the apps or is there a better solution?
Authentication backends are what you are looking for. Django documentation: https://docs.djangoproject.com/en/dev/topics/auth/#other-authentication-sources
Simple database routers solved the problem with regular Django authentication and Userena authentication. I'm guessing it will be the same with Facebook as they are chained together. The only downfall is that the user for the admin panel is the same across all sites.
I have a Django web app that I would like to use in a single-sign-on solution for a number of remote apps that use Apache authentication.
I can see how to authenticate Apache from a local Django instance and an old Apache module for doing basic queries off postgresql (but without the syntax support to phrase queries with joins to check Django group permissions)
Any suggestions?
I would like to avoid having to switch to using a directory service in the short term (e.g. ActiveDirectory, LDAP) if possible.
.M.
EDIT: Also found mod_auth_external
The following should work for you.
http://www.openfusion.com.au/labs/mod_auth_tkt/
You can use the apache module to hit a specific view in your Django app to generate a ticket for valid users. Then all the other applications can do basic authentication against Django via a URL.
This gives you SSO using the Django user database for legacy apps using HTTP basic authentication.