Hi David, Ale, thanks for your answers :) On 03/26/2010 05:24 PM, David wrote: > Simone, > > It looks to me like there may be a problem in how you have configured > basic authentication on your web server. At the moment I didn't configure any server at all :) > Firstly, the fact that you > are able to connect to your unprotected methods without using the > username "admin" with password "admin" leads me to believe that your > server is unprotected by basic authentication. I supposed the django server provides this... > Also, the fact that > you're on port 8000 usually implies that you're using the built-in > Django test server. Yep, because I'm still testing it. > As far as I know, there is no way to configure the > built-in server with basic authentication. With Apache/mod_python, you > can configure it to use Django's database for web server > authentication [1]. With mod_wsgi, take a look at Django ticket #10809 > [2]. > Are you telling me that there's no way to get this workin without an apache in front of django? So, all the questions I'm going to ask you at the end of this email have only this answer? :)
> Alessandro, > > I think what you have is perfect is your web server sets > HTTP_AUTHORIZATION instead of REMOTE_USER when it authenticates. > However, I think you could just subclass the RemoteUserMiddleware [3]. > > > [1] http://docs.djangoproject.com/en/1.1/howto/apache-auth > [2] http://code.djangoproject.com/ticket/10809 > [3] http://docs.djangoproject.com/en/1.1/howto/auth-remote-user > > > -David > @Alessandro: mmm, I see that your code is pretty much the same of this [1], except for the xmlrpc part :) I'll give it a try, but in the mean time I want to understand what is going wrong with the other middlewares. Looking the tutorial I mentioned before and at the code of 'django.contrib.auth.middleware.RemoteUserMiddleware' and 'django.contrib.auth.backends.RemoteUserBackend' the authentication should be done trough "request.META['REMOTE_USER']" but this is not working since the var never appears into my request. Probably there is specific manner to pass it to the request but with the standard xmlrpclib, AFAIK, you can pass those values only within the url (http://user:pas...@www.mysite.com). So, I suppose the middleware to take those values from the http request and set them properly. Also, I found that with these settings: AUTHENTICATION_BACKENDS = ( 'lfs.customer.auth.EmailBackend', #'django.contrib.auth.backends.ModelBackend', 'django.contrib.auth.backends.RemoteUserBackend', ) I'm not able to login using username and password... and here comes the big question: isn't this stack supposed to work as fallback chain? According to the docs [2], yes: "[...] Django tries authenticating across all of its authentication backends. [...]" Moreover, the doc [3] says to replace '*.ModelBackend' with '*.RemoteUserBackend' because it is a subclass of '*.ModelBackend' and that's true: [...] class RemoteUserBackend(ModelBackend): [...] BUT, if I comment out "*.ModelBackend" as above, I can't login with username and password, even if I comment out 'lfs.customer.auth.EmailBackend' too. What's wrong here? Any clues will be much appreciated. [1] http://www.djangosnippets.org/snippets/448/ [2] http://docs.djangoproject.com/en/1.1/topics/auth/#specifying-authentication-backends [3] http://docs.djangoproject.com/en/1.1/howto/auth-remote-user/ -- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-us...@googlegroups.com. To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
