Multiple Django apps, shared authentication


Problem description

Two answers to this question, depending on whether sharing is across different sites or different subdomains. Second answer: Multiple Django apps, shared authentication

A user goes to site1.com and logs in. Now, if he goes to site2.com, then he should already be logged in (authenticated) at that site.

site1.com and site2.com are handled by different Django apps on the same server.

I get that the sites can share the database containing the authentication tables. What I don't get is how the session data is handled. After logging in to site1, the user goes to site2. Here he always has request.user = "AnonymousUser: AnonymousUser" instead of a user_id.

I have set it up as here: https://docs.djangoproject.com/en/dev/topics/db/multi-db/

site1's settings has a single database that contains the auth models as well as some other data tables. site2's settings has 2 databases. One with its own data tables and also the one used by user1. I essentially copied class AuthRouter and set up the database router.

Is it not possible what I am trying to do? I don't actually understand how the two sites can share session data. Do I need something special outside of Django? Or should this work? I can include my code here, but don't want to confuse the issue if my basic thinking about this is wrong.

EDIT: here is my setup. I am trying this on localhost.

Site1 is running on localhost:8080

site2 is running on localhost:8000

SITE2 APP:

db_router.py:

class AuthRouter(object):
    def db_for_read(self, model, **hints):
        if model._meta.app_label == 'auth':
            return 'the_ui'
        return None
    # same for write

    def allow_syncdb(self, db, model):
        if db == 'the_ui':
            return model._meta.app_label == 'auth'
        elif model._meta.app_label == 'auth':
            return False
        return None

class OtherRouter(object):
    def db_for_read(self, model, **hints):
        return "default"
    # same for write, relation, syncdb

settings.py:

DATABASE_ROUTERS = ['site2_app.db_router.AuthRouter', 'site2_app.db_router.OtherRouter']
SESSION_COOKIE_DOMAIN = 'http://localhost:8080'
SESSION_ENGINE = "django.contrib.sessions.backends.signed_cookies"

DATABASES = {
    'default': {
        # ...
    },
    'the_ui': {
        # ...
    }
}

SITE 1 APP:

# no router
# only single database, same as the "the_ui" used in site2
SESSION_ENGINE = "django.contrib.sessions.backends.signed_cookies"

Solution

As you said, the two sites can have the same authentication data by sharing the database or syncing the Users table between their respective databases.

This will ensure any user of site1.com will automatically become a member of site2.com and vice versa.

But your requirement, that any user who logs into site1.com should get automatically logged in to site2.com, is a bit tricky. What you really need is Single Sign On (SSO).

Why it can't be achieved by merely sharing the database (including session data) is because site2.com can never gain access to a cookie set by site1.com on the browser because of cross domain issues.

There are many SSO solutions using Django. Have a look at this SO question. Though I have never used it, Django-openid seems a good option.
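
The cross-domain limitation described in the answer, modelled with the cookie storage and matching rules of RFC 6265. This is an added example, not code from the question or the answer; `example.com` and the helper names are made up for illustration, and public-suffix checks are left out.

```python
import ipaddress

def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def domain_match(host, domain):
    """RFC 6265 section 5.1.3: does `host` domain-match `domain`?"""
    host, domain = host.lower(), domain.lower()
    if host == domain:
        return True
    # Suffix match only on a label boundary, and never for IP addresses.
    return not is_ip(host) and host.endswith("." + domain)

def store_cookie(origin_host, domain_attr=None):
    """RFC 6265 section 5.3: return (domain, host_only), or None when the
    browser ignores the Set-Cookie header (public-suffix checks omitted)."""
    if not domain_attr:
        return (origin_host.lower(), True)       # host-only cookie
    domain = domain_attr[1:] if domain_attr.startswith(".") else domain_attr
    domain = domain.lower()
    if not domain_match(origin_host, domain):
        return None                              # Domain= for a foreign host is rejected
    return (domain, False)

def sent_to(cookie, request_host):
    """Would the browser attach the stored cookie to a request for request_host?
    Ports are not part of cookie scope, so hosts are given without a port."""
    if cookie is None:
        return False
    domain, host_only = cookie
    if host_only:
        return request_host.lower() == domain
    return domain_match(request_host, domain)

def demo():
    # Constructed cases; site1.com, site2.com and localhost come from the question.
    return {
        "site1 session cookie reaches site2": sent_to(store_cookie("site1.com"), "site2.com"),
        "site1 may set Domain=site2.com": store_cookie("site1.com", "site2.com") is not None,
        "subdomains share Domain=.example.com":
            sent_to(store_cookie("a.example.com", ".example.com"), "b.example.com"),
        "localhost:8080 cookie reaches localhost:8000":
            sent_to(store_cookie("localhost"), "localhost"),
        "Domain=http://localhost:8080 accepted":
            store_cookie("localhost", "http://localhost:8080") is not None,
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

In Django the `Domain` attribute of the session cookie comes from `SESSION_COOKIE_DOMAIN`, which takes a bare domain such as `"example.com"` rather than a URL.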
