Simone, It looks to me like there may be a problem in how you have configured basic authentication on your web server. Firstly, the fact that you are able to connect to your unprotected methods without using the username "admin" with password "admin" leads me to believe that your server is unprotected by basic authentication. Also, the fact that you're on port 8000 usually implies that you're using the built-in Django test server. As far as I know, there is no way to configure the built-in server with basic authentication. With Apache/mod_python, you can configure it to use Django's database for web server authentication [1]. With mod_wsgi, take a look at Django ticket #10809 [2].
Alessandro, I think what you have is perfect is your web server sets HTTP_AUTHORIZATION instead of REMOTE_USER when it authenticates. However, I think you could just subclass the RemoteUserMiddleware [3]. [1] http://docs.djangoproject.com/en/1.1/howto/apache-auth [2] http://code.djangoproject.com/ticket/10809 [3] http://docs.djangoproject.com/en/1.1/howto/auth-remote-user -David On Mar 26, 7:48 am, Simone Orsi <simah...@gmail.com> wrote: > Hi *, > > I'm trying to set some webservices using rpc4django (cause it supports > also jSON) on Django 1.1. > > I followed this > > http://packages.python.org/rpc4django/#overview > > and this > > http://docs.djangoproject.com/en/1.1/howto/auth-remote-user/ > > so that in my settings.py I have > > MIDDLEWARE_CLASSES = ( > # 'django.middleware.cache.UpdateCacheMiddleware', > 'django.middleware.common.CommonMiddleware', > 'django.contrib.sessions.middleware.SessionMiddleware', > 'django.contrib.auth.middleware.AuthenticationMiddleware', > 'django.contrib.auth.middleware.RemoteUserMiddleware', > [...] > ) > > and > > AUTHENTICATION_BACKENDS = ( > 'lfs.customer.auth.EmailBackend', > # 'django.contrib.auth.backends.ModelBackend', > 'django.contrib.auth.backends.RemoteUserBackend', > ) > > Here's the string I use to connect: > > s = ServerProxy('http://admin:ad...@localhost:8000') > > With public methods everything works fine (evan without "admin:admin@") > but with protected methods I get a "404 Forbidden". > > Debugging trough the request shows me that the user is still anon: > > (Pdb) kwargs.get('request').user > <django.contrib.auth.models.AnonymousUser object at 0xa9960cc> > > So, it seems to me that the normal http auth doesn't work. > > Is this supposed to work and am I missing something or should I handle > login/logout actions within an ad-hoc webservice? > > TIA, > SimO -- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-us...@googlegroups.com. To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
