[python-win32] ISAPI Filter for authentication
I'm trying to write what I hope is a simple ISAPI filter to require HTTP Auth for a current website but allow Google and other search engines access to the content. I'm aware of the basics for getting an ISAPI filter registered with IIS: http://docs.activestate.com/activepython/2.7/pywin32/html/isapi/doc/isapi.html and I have an example that I think will help in C++: http://support.zeus.com/zws/examples/2005/12/16/basic_authentication_isapi_filter My problems are: * I am unclear on how the IIS data structures come through in python. The ISAPI filter examples in the isapi folder indicate a single fc parameter, but the C++ example shows three parameters. * I don't know where to get the HTTP headers of the current request so that I can examine the user agent * I don't know how to trigger basic auth so that IIS handles it and requests auth from the browser I'll keep digging, but if someone has example code or pointers for me, I'd appreciate the leg up. Thanks. - Randy Syring Development Executive Director Level 12 Technologies https://www.lev12.com/ (formerly Intelicom) Direct: 502-276-0459 Office: 502-212-9913 Intelicom is now Level 12 Technologies,learn more about our name change https://www.lev12.com/our-history. Please update your address book with my new email address. Principled People, Technology that Works ___ python-win32 mailing list python-win32@python.org http://mail.python.org/mailman/listinfo/python-win32
Re: [python-win32] ISAPI Filter for authentication
Randy Syring wrote: I'm trying to write what I hope is a simple ISAPI filter to require HTTP Auth for a current website but allow Google and other search engines access to the content. I'm aware of the basics for getting an ISAPI filter registered with IIS: Please excuse me for the side trip, but I'm confused by your requirement. If you are willing to allow the general public to access your information via Google, then what's the point of the HTTP Auth? If you have some information that is public and some that is available only after login, then why wouldn't you just put a login button on your web page? That is equally as secure as HTTP Auth, and you are in full control of the process. -- Tim Roberts, t...@probo.com Providenza Boekelheide, Inc. ___ python-win32 mailing list python-win32@python.org http://mail.python.org/mailman/listinfo/python-win32
Re: [python-win32] ISAPI Filter for authentication
Randy Syring wrote: I'm trying to write what I hope is a simple ISAPI filter to require HTTP Auth for a current website but allow Google and other search engines access to the content. I'm aware of the basics for getting an ISAPI filter registered with IIS: As an additional note from someone that has been doing SEO for quite a while, doing filtering based on the User-Agent (or most any other method, for that matter) will severely hurt your search engine rankings, and can potentially get your pages removed from the index entirely. I would recommend *against* doing this, and instead think about what your objective is and how you can meet your objective while delivering the same experience to both your users and the search engines. ___ python-win32 mailing list python-win32@python.org http://mail.python.org/mailman/listinfo/python-win32
Re: [python-win32] ISAPI Filter for authentication
On 01/26/2012 01:02 PM, Tim Roberts wrote: Please excuse me for the side trip, but I'm confused by your requirement. If you are willing to allow the general public to access your information via Google, then what's the point of the HTTP Auth? If you have some information that is public and some that is available only after login, then why wouldn't you just put a login button on your web page? That is equally as secure as HTTP Auth, and you are in full control of the process. The customer was only concerned about most people needing a password. If some got access through google cache, that was fine. Furthermore, the site was mostly static content and I didn't want to rebuild it, hence my attempt to use an ISAPI filter to control access without needing to re-write the app itself. On 01/26/2012 01:25 PM, Kris Hardy wrote: As an additional note from someone that has been doing SEO for quite a while, doing filtering based on the User-Agent (or most any other method, for that matter) will severely hurt your search engine rankings, and can potentially get your pages removed from the index entirely. I would recommend *against* doing this, and instead think about what your objective is and how you can meet your objective while delivering the same experience to both your users and the search engines. I decided to head a different route for this very reason, thanks. - Randy Syring Development Executive Director Level 12 Technologies https://www.lev12.com/ (formerly Intelicom) Direct: 502-276-0459 Office: 502-212-9913 Intelicom is now Level 12 Technologies,learn more about our name change https://www.lev12.com/our-history. Please update your address book with my new email address. Principled People, Technology that Works ___ python-win32 mailing list python-win32@python.org http://mail.python.org/mailman/listinfo/python-win32