[CentralOH] Website Security with Pylons/Pyramid/Akhet

Mark Erbaugh mark at microenh.com
Tue Jul 19 01:36:01 CEST 2011


On Jul 18, 2011, at 9:26 AM, Brian Costlow wrote:

> In order to get the browser to provide a pop-up asking for authentication, you have to send an http response 401 (instead of 200) when a user tries to access the resource without being logged in. The browser is then going to send the response back in an http header, and you'll need to handle it there.


Based on my testing, it seems that in addition to the 401 status, the http response must include a WWW-Authenticate header. Fortunately, Pyramid makes this pretty simple. The Pyramid Response object has an __init__ parameter of www_authenticate to which you pass the type of authentication desired, in my case 'Basic'.

I found some code in the Pyramid cookbook http://docs.pylonsproject.org/projects/pyramid_cookbook/dev/authentication.html#basic-authentication-policy showing how to extract the user name and password from the browser's re-request.

Mark
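
Added example (not part of the message above or of the Pyramid cookbook): the 401 plus WWW-Authenticate challenge and the parsing of the browser's re-request, written as a framework-free WSGI app using only the Python standard library. The user table, realm name and function names are assumptions made for illustration.

```python
import base64
import hmac

# Constructed demo credentials (assumption); a real app would verify against a password hash store.
DEMO_USERS = {"mark": "s3cret-demo"}
REALM = "Demo"  # hypothetical realm name shown in the browser's pop-up


def parse_basic_auth(header):
    """Return (username, password) from an Authorization header value, or None if malformed."""
    if not header:
        return None
    scheme, _, payload = header.partition(" ")
    if scheme.lower() != "basic" or not payload.strip():
        return None
    try:
        decoded = base64.b64decode(payload.strip(), validate=True).decode("utf-8")
    except ValueError:  # covers bad base64 (binascii.Error) and bad UTF-8
        return None
    # Split on the first colon only: the password itself may contain colons.
    username, sep, password = decoded.partition(":")
    if not sep:
        return None
    return username, password


def check_credentials(username, password):
    """Constant-time comparison; unknown users are still compared against a dummy value."""
    expected = DEMO_USERS.get(username)
    matches = hmac.compare_digest(password.encode(), (expected or "").encode())
    return expected is not None and matches


def app(environ, start_response):
    """WSGI app: answer 401 with WWW-Authenticate until valid credentials arrive."""
    creds = parse_basic_auth(environ.get("HTTP_AUTHORIZATION"))
    if creds is None or not check_credentials(*creds):
        start_response("401 Unauthorized", [
            ("WWW-Authenticate", 'Basic realm="%s"' % REALM),
            ("Content-Type", "text/plain"),
        ])
        return [b"Authentication required\n"]
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [("Hello, %s\n" % creds[0]).encode()]
```

Basic credentials are only base64-encoded in the Authorization header, so this exchange needs to run over HTTPS.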