Good day and thanks for your previous support, it has been very helpful.
I have a challenge in my application. I want users to log in using Single Sign-On in an Intranet environment. The users are registered in the database; when they click the URL it checks their META data to see if their username exists in the database, and if found it takes them to the application directly, using the code below.
import traceback

from django.contrib import messages
from django.contrib.auth.models import User
from django.shortcuts import redirect


def user_login(request):
    # username = request.META['REMOTE_USER']
    try:
        # Username supplied by the web server in the request environment.
        username = request.META['USERNAME']
        # filter().first() returns None for an unknown user, so the else
        # branch is reachable (User.objects.get() would raise instead).
        user = User.objects.filter(username=username).first()
        if user:
            # Sets the user for this request only; nothing is persisted in
            # a session, so request.user is anonymous again on the next request.
            request.user = user
            # messages.success(request, "Welcome!!!")
            return redirect("/en/home")
        else:
            messages.error(request, 'You do not have access to the application, contact the administrator!!!')
            return redirect("/login_page")
    except Exception:
        print(traceback.format_exc())
        return redirect("/login_page")
I read online that I can use request.META['REMOTE_USER'], but it did not work for me.
The challenge I have now is that, when I call a method from my view.py, I need to declare
Well, from this statement it looks like you don’t quite know how authentication works on Django. I suggest that you review this section of the documentation - How to log a user in.
After you use the mentioned function, Django will return a Cookie that will be stored by the user browser, and that cookie will be sent on every request, and Django will populate request.user on the auth middleware.
Side Note: I have never implemented such a feature, and it's easy to mess up the security, but as long as this is an Intranet application you won't have many problems.
When you are considering Single SignOn authentication, you’ve got two different elements that need to be addressed.
In the general case, you need one authoritative source for credential validations. You want all systems to have one system that they all trust to verify that the person presenting credentials is presenting the correct credentials.
Then, once that’s done, then that identification information must be presented to all the systems in a way that is reliable and secure, such that each target system can validate the identification being presented.
What you’re looking for then is a type of token-based authentication.
You’ll also find other protocols that provide this same facility (including Microsoft Active Directory authentication), but they all fundamentally work the same way.
User authenticates to an authentication server. That server gives a token back to the browser.
The User is redirected to the server running the application they want to use, passing that token to that server.
The application server receives the token and validates it with the authentication server.
I don’t want my users to login with username and password. As long as they can logon to their PC through Microsoft Active Directory authentication, I want them to use same authentication to login to the application.
Though my solution works, it is not the right way. It picks the user from the user table and logs them in, but I need to reload request.user at every stage, and that is what I don't want to be doing.
I am serving the app using IIS. The user information comes from Microsoft Active Directory. But I like your solution. I will implement it in my next project.
So it's IIS that is setting the REMOTE_USER header? If so, then yes - the docs listed above referencing the REMOTE_USER middleware are what you're looking for.