Django Rest Framework Behind HTTP Authentication Base

Question

Django Rest Framework Behind HTTP Authentication Base

If my web service (powered by Django Rest Framework, v2.3.8) is inside a location protected by basic Nginx HTTP authentication, for example:

location / { auth_basic "Restricted access"; auth_basic_user_file /path/to/htpasswd; uwsgi_pass django; include /etc/uwsgi/config/uwsgi_params; }

Then, when the user authenticates and tries to access the API, the following response is obtained for all views:

 {"detail": "Invalid username/password"}

Is the Django Rest Framework an HTTP authorization header (designed for Nginx), although the view does not require authentication? If so, how do I do this?

Any help would be greatly appreciated.

+4

django django-rest-framework nginx

Ikalou Oct 30 '13 at 20:44

source share

2 answers

ottojiang · Answer 1 · 2013-12-18T16:19:11+0000

By default, the Django Rest Framework has two authentication classes, see here .

 REST_FRAMEWORK = { 'DEFAULT_AUTHENTICATION_CLASSES': ( 'rest_framework.authentication.SessionAuthentication', 'rest_framework.authentication.BasicAuthentication' )}

You can disable authentication for the rest of the infrastructure if you do not need it.

 REST_FRAMEWORK = { 'DEFAULT_AUTHENTICATION_CLASSES': () }

Or you can only remove BasicAuthentication , as it will work in your case.

 REST_FRAMEWORK = { 'DEFAULT_AUTHENTICATION_CLASSES': ( 'rest_framework.authentication.SessionAuthentication' )}

Marc aubin · Answer 2 · 2016-11-02T14:32:05+0000

As noted in another post, you must add a comma next to the authentication class, or it can raise a TypeError.

 'DEFAULT_PERMISSION_CLASSES': ( 'rest_framework.authentication.SessionAuthentication', #comma added here )

Source: fooobar.com/questions/276541 / ...

Django Rest Framework Behind HTTP Authentication Base

More articles: