As I understand it, repoze.who expects you to return a 401 when auth is required and pyramid returns a 403. The solution is to register a Forbidden view that converts the 403 into a 401 (pyramid.httpexceptions.HTTPUnauthorized).
http://docs.pylonsproject.org/projects/pyramid/1.0/narr/hooks.html#changing-the-forbidden-view Michael On Sat, Mar 19, 2011 at 7:00 AM, agrzelak <[email protected]> wrote: > Hello, > > I'm trying to use "pyramid_who" plugin in my application. I've > configured authentication and authorization policies, wrote simple who > config file (just basicauth for id and challenge, custom > authenticator). When I'm trying to access a protected view, pyramid > outputs 403 Forbidden (forbidden view), without asking for credentials > via basicauth. I guess I'm doing something wrong. > > Is there any sample application that shows how to use "pyramid_who" > plugin, or could someone provide one? > > Thanks! > > -- > You received this message because you are subscribed to the Google Groups > "pylons-discuss" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group at > http://groups.google.com/group/pylons-discuss?hl=en. > > -- You received this message because you are subscribed to the Google Groups "pylons-discuss" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/pylons-discuss?hl=en.
