Prompt of Access ( Authentication Http ) ? - Printable Version +- Python Forum (https://python-forum.io) +-- Forum: Python Coding (https://python-forum.io/forum-7.html) +--- Forum: Networking (https://python-forum.io/forum-12.html) +--- Thread: Prompt of Access ( Authentication Http ) ? (/thread-38898.html) |
Prompt of Access ( Authentication Http ) ? - JohnnyCoffee - Dec-07-2022 I'm doing some authentication tests through the http header, but the browser's login prompt window isn't being triggered? I think I'm forgetting something, below is the example: from wsgiref.simple_server import make_server def app(environ, start_response): status = "401 Unauthorized" headers = [ ("Content-type", "text/plain; charset=utf-8"), ("WWW-Authenticate:", "Basic realm=Access to the internal site") ] start_response(status, headers) # The returned object is going to be printed return [b"401 Unauthorized"] with make_server("", 8000, app) as httpd: print("Serving on port 8000...") # Serve until process is killed httpd.serve_forever() RE: Prompt of Access ( Authentication Http ) ? - Larz60+ - Dec-08-2022 This is a stab in the dark, but it's possible there may be something here that can help. RE: Prompt of Access ( Authentication Http ) ? - JohnnyCoffee - Dec-08-2022 I checked the link, but nothing related to schema type and realm as is in the statement below that triggers the window prompt for http authentication: (Dec-07-2022, 10:27 PM)JohnnyCoffee Wrote: ("WWW-Authenticate:", "Basic realm=Access to the internal site") RE: Prompt of Access ( Authentication Http ) ? - DeaD_EyE - Dec-08-2022 The colon at the end of WWW-Authenticate is wrong.But you also require handling:
Code to handle this: from base64 import b64decode from hashlib import sha256 from wsgiref.simple_server import make_server CREDENTIALS = ["fb44d98b9d56bbe49028eacc8574f5715178e6d3470d276a1697de3df68e7579"] HEADER_AUTH = [ ("Content-type", "text/plain; charset=utf-8"), ("WWW-Authenticate", "Basic realm=Access to the internal site"), ] HEADER_NORMAL = [HEADER_AUTH[0]] HTTP401 = "401 Unauthorized" def app(environ, start_response): auth = environ.get("HTTP_AUTHORIZATION", "") if not auth.startswith("Basic"): start_response(HTTP401, HEADER_AUTH) return [b"401 Unauthorized"] username, password = b64decode(auth.split()[-1]).split(b":") if sha256(username + password).hexdigest() in CREDENTIALS: start_response("200 Ok", HEADER_NORMAL) return [b"200 Ok"] else: start_response(HTTP401, HEADER_AUTH) return [b"401 Unauthorized"] with make_server("", 8000, app) as httpd: print("Serving on port 8000...") httpd.serve_forever()You won't use this in production. There is a middleware for HTTPBasicAuth. https://github.com/mvantellingen/wsgi-basic-auth RE: Prompt of Access ( Authentication Http ) ? - DeaD_EyE - Dec-08-2022 - double post |