The other thing which can be a pain with using Apache to handle things is that you are basically restricted to using HTTP Basic/Digest Auth. There still isn't a good solution for having HTML form based login when using Apache to do it. Apache does have mod_session which has that ability, but due to limited demand, never completed the work in mod_wsgi (which is non trivial), to allow Python code to be used as mod_session backend so integrates properly with a Python web application.
Graham > On 14 Aug 2018, at 10:24 am, Peter Lai <[email protected]> wrote: > > IMO It's almost always better to have the application (not the server) handle > auth. This allows you to decouple the service layer from the application > itself (this allows you to host flask on gunicorn etc. in the future). It > also makes admin easier. Admining .htaccess usually requires more privileges > (filesystem/OS level at minimum) instead of allowing the application itself > to do so (you could keep your admin group(s) in LDAP if the app evaluates > permissions based on LDAP). > > On Monday, August 13, 2018 at 8:19:18 PM UTC-4, Graham Dumpleton wrote: > > > > On 14 Aug 2018, at 9:13 am, jerry100 <gerardo...@ <>gmail.com > > <http://gmail.com/>> wrote: > > > > I have a flask application using mod_wsgi with Apache on CenOS 7 and I want > > to only allow a specific group of AD users to login to the application. I > > have not configured users. I am just doing research about what the best > > path would be. Does mod_wsgi have to do anything special or do I just use > > flask-ldap for this type of uthentiction? Being that the application is > > served by Apache thanks to mod_wsgi, does that module have to intervene > > If you are handling login/authentication/authorisation in Flask using > flask-ldap I would presume that mod_wsgi doesn't care. Apache and mod_wsgi > would only come into it if you were using an Apache module for handling > login/authentication/authorisation. > > Graham > > > -- > You received this message because you are subscribed to the Google Groups > "modwsgi" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected] > <mailto:[email protected]>. > To post to this group, send email to [email protected] > <mailto:[email protected]>. > Visit this group at https://groups.google.com/group/modwsgi > <https://groups.google.com/group/modwsgi>. > For more options, visit https://groups.google.com/d/optout > <https://groups.google.com/d/optout>. -- You received this message because you are subscribed to the Google Groups "modwsgi" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/modwsgi. For more options, visit https://groups.google.com/d/optout.
