【问题标题】:django / tastypie basic authentication works on dev, not on productiondjango/tastepie 基本身份验证适用于开发,而不是生产
【发布时间】:2012-08-09 01:47:56
【问题描述】:

我正在使用 django/tastpie 构建一个 RESTful api。在我的开发(本地)环境中运行时,一切正常,并且验证正确。

Marks-MacBook-Pro:~ mshust$ curl http://127.0.0.1:8000/api/v1/speedscreen/ -H 'Authorization: Basic bXNodXN0MToyMjY3' -v
* About to connect() to 127.0.0.1 port 8000 (#0)
        *   Trying 127.0.0.1...
        * connected
        * Connected to 127.0.0.1 (127.0.0.1) port 8000 (#0)
                > GET /api/v1/speedscreen/ HTTP/1.1
                > User-Agent: curl/7.24.0 (x86_64-apple-darwin12.0) libcurl/7.24.0 OpenSSL/0.9.8r zlib/1.2.5
                > Host: 127.0.0.1:8000
                > Accept: */*
                > Authorization: Basic bXNodXN0MToyMjY3
>
* HTTP 1.0, assume close after body
< HTTP/1.0 200 OK
< Date: Thu, 09 Aug 2012 01:36:05 GMT
< Server: WSGIServer/0.1 Python/2.7.2
< Content-Type: application/json; charset=utf-8
<
* Closing connection #0
{"meta": {"limit": 20, "next": null, "offset": 0, "previous": null, "total_count": 0}, "objects": []}

但是,当我在生产服务器(apache + wsgi over https)上运行它时,我不断收到 401 Unauthorized 响应(出于安全原因更改了域/IP)

Marks-MacBook-Pro:~ mshust$ curl https://www.domain.com/api/speedscreen/ -H 'Authorization: Basic bXNodXN0MToyMjY3' -v
* About to connect() to www.domain.com port 443 (#0)
*   Trying 231.23.102.140...
* connected
* Connected to www.domain.com (231.23.102.140) port 443 (#0)
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server key exchange (12):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using DHE-RSA-AES256-SHA
* Server certificate:
*    subject: O=www.domain.com; OU=Domain Control Validated; CN=www.domain.com
*    start date: 2012-07-18 13:30:31 GMT
*    expire date: 2014-07-18 13:30:31 GMT
*    subjectAltName: www.domain.com matched
*    issuer: C=US; ST=Arizona; L=Scottsdale; O=GoDaddy.com, Inc.; OU=http://certificates.godaddy.com/repository; CN=Go Daddy Secure Certification Authority; serialNumber=07969287
*    SSL certificate verify ok.
> GET /api/speedscreen/ HTTP/1.1
> User-Agent: curl/7.24.0 (x86_64-apple-darwin12.0) libcurl/7.24.0 OpenSSL/0.9.8r zlib/1.2.5
> Host: www.domain.com
> Accept: */*
> Authorization: Basic bXNodXN0MToyMjY3
> 
< HTTP/1.1 401 UNAUTHORIZED
< Date: Thu, 09 Aug 2012 01:36:00 GMT
< Server: Apache/2.2.22 (Ubuntu)
< Vary: Accept-Encoding
< Content-Length: 0
< Content-Type: text/html; charset=utf-8
< 
* Connection #0 to host www.domain.com left intact
* Closing connection #0
* SSLv3, TLS alert, Client hello (1):

有人知道这里会发生什么吗?我完全被难住了。

谢谢, 标记

【问题讨论】:

    标签: django rest authentication basic-authentication tastypie


    【解决方案1】:

    通常,cURL 的基本身份验证是这样完成的:

    curl -u "user:password"
    

    也许在你的情况下:

    curl -u "bXNodXN0MToyMjY3"
    

    如果将其更改为该格式不起作用,则可能是您在 .htaccess 文件或 apache 配置中设置了基本身份验证,它在进入您的 WSGI 应用程序之前获取了身份验证。

    此外,对于 apache 和 mod_wsgi,您需要根据 this post 添加 WSGIPassAuthorization On 设置。

    【讨论】:

    • 抱歉,使用 -u 得到的结果相同。 htaccess 或 apache 配置中没有设置基本身份验证,我什至禁用了 apache 的 auth_basic 模块以确保。
    • 我刚刚用更多细节修改了我的答案
    • 官方 mod_wsgi 文档code.google.com/p/modwsgi/wiki/…
    • 爱你节省了几个小时
    猜你喜欢
    • 1970-01-01
    • 2019-07-11
    • 1970-01-01
    • 2020-04-30
    • 1970-01-01
    • 2014-01-31
    • 1970-01-01
    • 1970-01-01
    • 2018-04-19
    相关资源
    最近更新 更多