[python-win32] Embedding Login and Impersonation into Django

[Mohamed Abdelhack]

Hi everyone,

I am currently building a webapp using Django that will run onto a windows
server that comprises an MS SQL server that uses windows authentication. I
was unable to make IIS or Apache pass on the user identity to Django
(probably double hopping) so I thought of implementing impersonation from
within the app itself. I cannot make an account for the application pool
itself for security reasons and I cannot switch to username password
authentication for the same reasons. For that, I have a few questions to
assess my options.
- Is there an option in pywin32 to login an already authenticated user
without reentering the password? Context: Django can make authentication
requests to windows but cannot access the process itself so I thought to
piggyback off of that.
- Is there an option to keep the logged on/impersonated user rather than
the handle getting destroyed? I noticed that after I log in, refreshing the
page after causes the handle to be destroyed and login needs to be redone.

Thank you very much,
Best,
Mohamed
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/python-win32/attachments/20200812/9b39c849/attachment.html>