Comments on: Basic Authentication on mod_wsgi

By: Salvatore@Wisdek

Salvatore@Wisdek — Sun, 31 Jan 2010 12:18:28 +0000

The decorator will handle all the details of the HTTP Basic Authentication for you, so now let’s get back to the reason, why I’m writing this text: If you want to use this method to protect your views and you host your Django project on Apache with mod_wsgi, you have to add one setting to your Apache configuration:

WSGIPassAuthorization On

By: Fred@Laser Acne Removal

Fred@Laser Acne Removal — Thu, 28 Jan 2010 07:44:48 +0000

A good companion may be the require_POST decorator from django.views.decorators.http, which you can use on (api-) views, which only alter data and therefore should only receive HTTP POST requests. Decorators can be stacked, so you can write:

@require_POST
@logged_in_or_basicauth()
def api_view(request):

By: Rob@Metal Bending

Rob@Metal Bending — Thu, 28 Jan 2010 07:43:40 +0000

(most often Microsoft Internet Explorer) in the border of the viewable screen as the visitor is viewing your website. This serves as an anchor so that the visitor knows where he or she is on your website. For this reason, titles need to clearly relate to their page and should include bread crumb or mouse trail information if there is space available. Microsoft’s browser, called Internet Explorer, displays the first 95 characters of your title tag. For title tags longer than 95 characters, Internet Explorer will simply crop the tag, as you can see it has done to the title of this Web page.

By: Mark Daniel@Working Out Abs

Mark Daniel@Working Out Abs — Thu, 28 Jan 2010 07:42:53 +0000

There is a good snippet available on djangosnippets.org, which implements a decorator for protecting individual views with HTTP Basic Authentication. You can see the code here: Snippet 243.

By: John Jeracevich

John Jeracevich — Thu, 28 Jan 2010 07:40:41 +0000

I sometimes use HTTP (Basic) Authentication to authenticate requests to an API of a website. Using cookie and form-based authentication for an API which will be used programmatically is generally a PITA. If the views are exposed via HTTPS (SSL/TLS encrypted) then I see no problem in using HTTP Basic Authentication.

By: David Kotkin@crankshafts

David Kotkin@crankshafts — Tue, 26 Jan 2010 09:53:08 +0000

Daemon mode of mod_wsgi will however only be available on Apache 2.0 or 2.2 running on UNIX, and only when the Apache runtime library underlying Apache has been compiled with support for threading.

By: Steve@Lift Chairs

Steve@Lift Chairs — Mon, 25 Jan 2010 15:47:08 +0000

Sometimes the quickest and easiest route is the best. Sometimes, for me anyway, it can be hard not to reinvent the wheel though, especially if you think you can do it better.

I know how frustrating that whole hindsight thing can be too. Just this weekend, I spent a few hours trying to install Windows in a virtual machine, with a bad CD.

It would have only normally taken about 30 minutes, but at least 25% of the files on the cd were corrupt. After fighting it for a few hours and using two different Windows CDs, I got it installed. However, afterwards, I thought of a better way to install it that would have probably not taken too much longer than a traditional install.

By: Jesper Noehr

Jesper Noehr — Tue, 12 Jan 2010 08:32:04 +0000

Glad you found (and hopefully like) Piston. Let me know if you have any questions.

By: Dustin

Dustin — Tue, 12 Jan 2010 05:58:49 +0000

@Graham – you’re the man! I have never seen someone as singly dedicated to an open source project and pro-actively helpful.

I was looking at the documentation and from all I could tell it should have worked with 2.0. My only guess is that there were perhaps some other settings that had changed with the new setup, or perhaps Django itself had an issue. I would be curious to hear if anyone else has had similar issues.

It was good to have a reason to upgrade Django anyway.

By: Graham Dumpleton

Graham Dumpleton — Tue, 12 Jan 2010 05:48:57 +0000

FWIW, WSGIPassAuthorization has always existed with mod_wsgi and there is no reason it shouldn’t have worked with the older version.