使用 BaseHTTP 进行基本身份验证的 Python HTTP 服务器陷入困境
我一直在尝试让基于 python 的网络服务器工作。
我想要进行基本身份验证(发送 401 标头)并针对用户列表进行身份验证。我可以毫无问题地发送带有“WWW-Authorize”标头的 401 响应,我可以验证用户响应(base64 编码的用户名和密码),但是,成功验证后登录框不断弹出。
import SimpleHTTPServer
import SocketServer
from BaseHTTPServer import BaseHTTPRequestHandler, HTTPServer
class Handler(BaseHTTPRequestHandler):
''' Main class to present webpages and authentication. '''
def do_HEAD(self):
print "send header"
self.send_response(401)
self.send_header('WWW-Authenticate', 'Basic realm=\"Test\"')
self.send_header('Content-type', 'text/html')
self.end_headers()
def do_GET(self):
''' Present frontpage with user authentication. '''
self.do_HEAD()
if self.headers.getheader('Authorization') == None:
self.wfile.write('no auth header received')
pass
elif self.headers.getheader('Authorization') == 'Basic dGVzdDp0ZXN0':
self.wfile.write(self.headers.getheader('Authorization'))
self.wfile.write('authenticated!')
pass
else:
self.wfile.write(self.headers.getheader('Authorization'))
self.wfile.write('not authenticated')
pass
httpd = SocketServer.TCPServer(("", 10001), Handler)
httpd.serve_forever()
if __name__ == '__main__':
main()
第一次加载(http://localhost:10001)时,会弹出登录框,我输入 test,test(正确的用户)用户已验证正常,但框会再次弹出,如果我单击“取消”,我会进入已验证的页面。 ..
有人可以帮忙吗?我怀疑这与授权发生在 do_GET 下有关,每次加载页面时都会触发 do_GET。
I am stuck trying to get a python based webserver to work.
I want to do Basic Authentication (sending a 401 header) and authenticating against a list of users. I have no trouble sending the 401 response with "WWW-Authorize" header, I can validate the users response (base64 encoded username & password), however, the login box keeps popping up after successful validation.
import SimpleHTTPServer
import SocketServer
from BaseHTTPServer import BaseHTTPRequestHandler, HTTPServer
class Handler(BaseHTTPRequestHandler):
''' Main class to present webpages and authentication. '''
def do_HEAD(self):
print "send header"
self.send_response(401)
self.send_header('WWW-Authenticate', 'Basic realm=\"Test\"')
self.send_header('Content-type', 'text/html')
self.end_headers()
def do_GET(self):
''' Present frontpage with user authentication. '''
self.do_HEAD()
if self.headers.getheader('Authorization') == None:
self.wfile.write('no auth header received')
pass
elif self.headers.getheader('Authorization') == 'Basic dGVzdDp0ZXN0':
self.wfile.write(self.headers.getheader('Authorization'))
self.wfile.write('authenticated!')
pass
else:
self.wfile.write(self.headers.getheader('Authorization'))
self.wfile.write('not authenticated')
pass
httpd = SocketServer.TCPServer(("", 10001), Handler)
httpd.serve_forever()
if __name__ == '__main__':
main()
On first load (http://localhost:10001) the loginbox pops up, I enter test, test (the correct user) user is validated ok, but box pops back up, if I click cancel, I get to the validated page...
Can anyone lend a hand here? I suspect it has something to do with the fact that authorization happens under do_GET, which is triggered everytime a page loads.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
试试这个尺寸:
Try this for size:
这是因为您无条件发送 401 和
WWW-Authenticate标头作为响应。仅当请求中没有可接受的身份验证凭据时,您才需要执行此操作。如果您对请求感到满意,请发送 200(或任何适当的内容)并且不再请求身份验证。That's because you are unconditionally sending 401 and
WWW-Authenticateheader in response. You only need to do this when there are no acceptable authentication credentials in request. If you are satisfied with request, send 200 (or whatever appropriate) and do not request authentication again.