Python Forum
Prompt of Access ( Authentication Http ) ?
#1
I'm doing some authentication tests through the HTTP header, but the browser's login prompt window isn't being triggered. I think I'm forgetting something; below is the example:

from wsgiref.simple_server import make_server
 
 
def app(environ, start_response):
 
    status = "401 Unauthorized"
    headers = [
        ("Content-type", "text/plain; charset=utf-8"),
        ("WWW-Authenticate:", "Basic realm=Access to the internal site")
    ] 
    start_response(status, headers)
 
    # The returned object is going to be printed
    return [b"401 Unauthorized"]
 
with make_server("", 8000, app) as httpd:
    print("Serving on port 8000...")
 
    # Serve until process is killed
    httpd.serve_forever()
#2
This is a stab in the dark, but it's possible there may be something here that can help.
#3
I checked the link, but there is nothing related to schema type and realm as in the statement below, which triggers the prompt window for HTTP authentication:

(Dec-07-2022, 10:27 PM)JohnnyCoffee Wrote: ("WWW-Authenticate:", "Basic realm=Access to the internal site")
#4
The colon at the end of WWW-Authenticate is wrong.
But you also require handling:
  • Not Authorized
  • Authorized
  • Incorrect authorization

Code to handle this:
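from base64 import b64decode
from hashlib import sha256
from wsgiref.simple_server import make_server

# SHA-256 hex digests of username + password (raw bytes, concatenated)
CREDENTIALS = ["fb44d98b9d56bbe49028eacc8574f5715178e6d3470d276a1697de3df68e7579"]
HEADER_AUTH = [
    ("Content-type", "text/plain; charset=utf-8"),
    # No colon in the header name; the realm value is a quoted string
    ("WWW-Authenticate", 'Basic realm="Access to the internal site"'),
]
HEADER_NORMAL = [HEADER_AUTH[0]]
HTTP401 = "401 Unauthorized"


def app(environ, start_response):

    auth = environ.get("HTTP_AUTHORIZATION", "")

    # Not authorized: no Basic credentials sent, so challenge the client
    if not auth.startswith("Basic "):
        start_response(HTTP401, HEADER_AUTH)
        return [b"401 Unauthorized"]

    try:
        # Split on the first colon only: the password may contain colons
        username, password = b64decode(auth.split()[-1]).split(b":", 1)
    except ValueError:
        # Invalid base64 or no colon: answer 401 instead of raising
        start_response(HTTP401, HEADER_AUTH)
        return [b"401 Unauthorized"]

    if sha256(username + password).hexdigest() in CREDENTIALS:
        # Authorized
        start_response("200 OK", HEADER_NORMAL)
        return [b"200 OK"]
    else:
        # Incorrect authorization
        start_response(HTTP401, HEADER_AUTH)
        return [b"401 Unauthorized"]


with make_server("", 8000, app) as httpd:
    print("Serving on port 8000...")
    httpd.serve_forever()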
You won't use this in production. There is a middleware for HTTPBasicAuth.
https://github.com/mvantellingen/wsgi-basic-auth
Almost dead, but too lazy to die: https://sourceserver.info
All humans together. We don't need politicians!
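
The three cases listed in #4 (not authorized, authorized, incorrect authorization), as an added example that is not code from the thread or from wsgi-basic-auth: it stores a salted PBKDF2 hash per username instead of a bare SHA-256 of username + password and compares in constant time. The account `alice`, its password, the salt and the iteration count are constructed for illustration.

```python
import base64
import hashlib
import hmac
from wsgiref.simple_server import make_server

REALM = "Access to the internal site"  # realm string from the thread
ITERATIONS = 200_000                   # assumed PBKDF2 work factor
SALT = b"constructed-demo-salt"        # constructed; use os.urandom(16) per user

def hash_password(password: bytes, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password, salt, ITERATIONS)

# Constructed account: username -> (salt, PBKDF2 hash); no plaintext is stored.
USERS = {"alice": (SALT, hash_password(b"s3cret:with:colons", SALT))}

def parse_basic(header: str):
    """Return (username, password_bytes), or None for anything malformed."""
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        raw = base64.b64decode(token.strip(), validate=True)
        username, sep, password = raw.partition(b":")  # first colon only
        return (username.decode("utf-8"), password) if sep else None
    except ValueError:  # bad base64 or non-UTF-8 username
        return None

def check(username: str, password: bytes) -> bool:
    # Unknown users still cost one hash, so response time does not single out valid names.
    salt, expected = USERS.get(username, (SALT, b""))
    return hmac.compare_digest(hash_password(password, salt), expected)

def app(environ, start_response):
    creds = parse_basic(environ.get("HTTP_AUTHORIZATION", ""))
    if creds and check(*creds):
        start_response("200 OK", [("Content-Type", "text/plain; charset=utf-8")])
        return [b"200 OK"]
    # Missing, malformed and wrong credentials all get the same challenge.
    challenge = f'Basic realm="{REALM}", charset="UTF-8"'
    start_response("401 Unauthorized", [("Content-Type", "text/plain; charset=utf-8"),
                                        ("WWW-Authenticate", challenge)])
    return [b"401 Unauthorized"]

if __name__ == "__main__":
    with make_server("", 8000, app) as httpd:
        httpd.serve_forever()
```

Basic credentials are only base64-encoded, so a handler like this belongs behind TLS.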