On 08/01/2008 11:49 Vincent Bernat wrote:
twisted.web2 authentication seems to be a good start, but I am using Nevow. Has someone already done a HTTP basic auth with nevow? In fact, my case is very similar to the one here: http://twistedmatrix.com/pipermail/twisted-web/2007-January/003270.html
But, as I said, Nevow's guard.py seems best suited for web app authentication, not for web services. Can anyone confirm/infirm?
Guard is for web based applications authentication, yes. If you're doing something other than this, you probably do want HTTP auth. Doing HTTP authentication yourself for a web service should be as simple as returning a 403 error until you get a positive authentication. There may be some implementations around for doing this as a resource using t.cred. Digging through some of my older work with t.w turned up the following (obviously extinct and horrific code, but shows what you're looking for) class Page(object): def authenticateUser(self, request, passinfo): user, password = request.getUser(), md5.md5(request.getPassword()).digest() if user==passinfo['username'] and password==passinfo['password']: return True return False def render(self,request, realm, passinfo): if self.authenticateUser(request, passinfo): return self.documentRender(self, request) else: request.setResponseCode(http.UNAUTHORIZED) request.setHeader('WWW-authenticate', 'basic realm="%s"' % realm) return BaseResources.ErrorAuth().render() -- Colin Alston ~ http://www.karnaugh.za.net/ "To the world you may be one person, to one person you may be the world" ~ Rachel Ann Nunes.