Django Admin - Re-authentication?


Problem description

I'm in a bit of a dilemma at the moment regarding Django's admin backend. The default authentication system allows already logged-in users that have staff privileges to access the admin site, however it just lets them straight in.

This doesn't feel "right" to me, and I'm wondering if it would be difficult to at least require a re-authentication of that same session in order to get into the backend.

Preferably though, it'd be good if the frontend sessions could be separated from the backend ones (though still using the same user objects); this would allow a clean separation of both parts of the site. Would this perhaps require two separate authentication backends? Would something like this be difficult to achieve?

Recommended answer

Here's an idea: run the admin app on a different domain to the frontend. The cookies won't be valid in the other domain, so the user will have to log in again. All you'd need would be a separate Apache vhost and a basic settings.py that just has contrib.admin in INSTALLED_APPS.
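The following is an added example, not part of the original answer: a small check of whether a frontend login cookie would still be presented to, and accepted by, an admin site on its own host. The hostnames and the `admin_sessionid` cookie name are assumptions, the settings dictionaries are constructed samples, and both sites are assumed to share one session store because they share user objects.

```python
# Constructed settings for the frontend and two candidate admin deployments.
FRONTEND = {
    "host": "www.example.com",
    "SESSION_COOKIE_NAME": "sessionid",        # Django default name
    "SESSION_COOKIE_DOMAIN": ".example.com",   # cookie shared with subdomains
}
ADMIN_SUBDOMAIN = {
    "host": "admin.example.com",
    "SESSION_COOKIE_NAME": "sessionid",        # same name as the frontend
    "SESSION_COOKIE_DOMAIN": None,             # Django default: host-only
}
ADMIN_HARDENED = {
    "host": "admin.example.com",
    "SESSION_COOKIE_NAME": "admin_sessionid",  # hypothetical distinct name
    "SESSION_COOKIE_DOMAIN": None,
}


def cookie_sent_to(cookie_domain, origin_host, target_host):
    """Browser domain matching for a cookie that origin_host set."""
    if cookie_domain is None:
        # Host-only cookie: returned only to the exact host that set it.
        return origin_host.lower() == target_host.lower()
    domain = cookie_domain.lstrip(".").lower()
    target = target_host.lower()
    return target == domain or target.endswith("." + domain)


def frontend_session_reaches_admin(frontend, admin):
    """True if the frontend session cookie is sent to the admin host and
    read there as the admin session (shared session store assumed)."""
    sent = cookie_sent_to(frontend["SESSION_COOKIE_DOMAIN"],
                          frontend["host"], admin["host"])
    same_name = frontend["SESSION_COOKIE_NAME"] == admin["SESSION_COOKIE_NAME"]
    return sent and same_name


if __name__ == "__main__":
    for label, admin in (("subdomain, default cookie name", ADMIN_SUBDOMAIN),
                         ("subdomain, distinct cookie name", ADMIN_HARDENED)):
        reused = frontend_session_reaches_admin(FRONTEND, admin)
        print(f"{label}: frontend session reused = {reused}")
```

A separate vhost forces a fresh login only when the frontend cookie is host-only, the admin runs on an unrelated domain, or the admin settings use a different `SESSION_COOKIE_NAME`.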
