Hey Massimo et al,
Your diligence in forums is commendable, and it definitely helps in times
like this!
I have a situation where I want to run basic auth in a single controller
only, and, instead of authenticating against the auth_user table, I want to
do my own custom username/password verification (basically a data and
signature match).
Okay, one would think it to be easy, and I've done the following:
- Make sure WSGIPassAuthorization On is present in apache config (just
  as it's defined in the ubuntu startup script)
- Enable allow_basic_login for a specific controller, and authenticate:

      if request and request.controller == 'download':
          auth.settings.allow_basic_login = True
          auth.basic(basic_auth_realm="MyRealm")

- Get code from git commits so that basic_auth_realm has any meaning
  and use it in my custom auth class (this
  <https://github.com/web2py/web2py/commit/eab7815c24c6b988525ab580c07ce1c4374feb7a>
  and this too
  <https://github.com/michele-comitini/web2py/commit/a078f860d27f5a30d277d90d18add43b2f0e2c13>)
*My problem is* that when I

    raise HTTP(401, u'Not Authorized', **{'WWW-Authenticate': u'Basic realm="' + basic_realm + '"'})

like is done in the new basic method (or anywhere, in fact), the
WWW-Authenticate header is not being sent.
If I raise any other error, like a 403, the WWW-Authenticate header is sent!
Looking in the gluon HTTP code, it looks like something is done to headers
with a 4XX code in the to() method, but I don't think that's the problem
because it works with a 403.
For reference, I have the latest version of apache (2.2.22-1ubuntu1.3),
web2py (2.5.1-stable+timestamp.2013.06.06.15.39.19), and mod_wsgi (
3.3-4build1).
I would appreciate someone's assistance; maybe they can point out a fundamental
misunderstanding.
Thanks!
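
One way to isolate the behaviour described above, as an added example that is not part of the original post or of web2py: a minimal WSGI application that issues the same 401 challenge and verifies Basic credentials by a signature match. The HMAC scheme (password = HMAC-SHA256 of the username), `SECRET`, and every function name here are assumptions made for illustration.

```python
import base64, hashlib, hmac

REALM = "MyRealm"                    # realm name used in the post
SECRET = b"constructed-demo-secret"  # constructed value (assumption)

def sign(data):
    """Assumed scheme: the expected password is hex HMAC-SHA256 of the username."""
    return hmac.new(SECRET, data.encode(), hashlib.sha256).hexdigest()

def basic_header(user, password):
    """Build the Authorization header value a client would send."""
    return "Basic " + base64.b64encode(("%s:%s" % (user, password)).encode()).decode()

def check_basic(header):
    """Return the username if the Basic credentials verify, else None."""
    scheme, _, token = (header or "").partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None
    user, sep, password = decoded.partition(":")
    # Constant-time comparison avoids leaking how much of the signature matched.
    if sep and user and hmac.compare_digest(sign(user).encode(), password.encode()):
        return user
    return None

def application(environ, start_response):
    """mod_wsgi entry point; needs WSGIPassAuthorization On to see the header."""
    user = check_basic(environ.get("HTTP_AUTHORIZATION"))
    status, body, headers = "200 OK", ("hello %s" % user).encode(), []
    if user is None:
        status, body = "401 Unauthorized", b"Not Authorized"
        headers = [("WWW-Authenticate", 'Basic realm="%s"' % REALM)]
    headers += [("Content-Type", "text/plain"), ("Content-Length", str(len(body)))]
    start_response(status, headers)
    return [body]

def probe(auth=None):
    """Call the app in-process and return (status, headers) as it emitted them."""
    seen = {}
    def start_response(status, headers):
        seen["status"], seen["headers"] = status, dict(headers)
    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": "/download"}
    if auth:
        environ["HTTP_AUTHORIZATION"] = auth
    b"".join(application(environ, start_response))
    return seen["status"], seen["headers"]
```

Served by the same Apache and mod_wsgi instance, this shows whether the `WWW-Authenticate` header on a 401 is lost below the framework or inside it.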