Django Rest框架背后的HTTP基本身份验证 [英] Django Rest Framework behind HTTP Basic Authentication
问题描述
如果我的webservice(由Django Rest Framework v2.3.8提供支持)位于受Nginx HTTP基本身份验证保护的位置,如下所示:
If my webservice (powered by Django Rest Framework, v2.3.8) is inside a location protected by Nginx's HTTP Basic Authentication, like so:
location / {
auth_basic "Restricted access";
auth_basic_user_file /path/to/htpasswd;
uwsgi_pass django;
include /etc/uwsgi/config/uwsgi_params;
}
然后,当用户验证并尝试访问API时,以下响应获得所有视图:
Then, when a user authenticate and tries to access the API, the following response is obtained for all views:
{"detail": "Invalid username/password"}
即使视图不需要身份验证,Django Rest Framework会接收HTTP Authorization标头(适用于Nginx)吗?如果是这样,我该怎么办?
Does Django Rest Framework pick up the HTTP Authorization header (meant for Nginx) even though the view requires no authentication? If so, how should I go about this?
任何帮助都将不胜感激。
Any help would be greatly appreciated.
推荐答案
默认情况下,Django Rest Framework有两个身份验证类,请参阅这里。
By default, Django Rest Framework has two authentication classes, see here.
REST_FRAMEWORK = {
'DEFAULT_AUTHENTICATION_CLASSES': (
'rest_framework.authentication.SessionAuthentication',
'rest_framework.authentication.BasicAuthentication'
)}
您可以禁用其余框架如果你不需要认证。
You can disable the rest framework authentication if you don't need it.
REST_FRAMEWORK = {
'DEFAULT_AUTHENTICATION_CLASSES': ()
}
或者您只能删除 BasicAuthentication
,因为它将适用于您的案例。 (
'rest_framework.authentication.SessionAuthentication'
)
Or you can remove only BasicAuthentication
as it will work in your case.
REST_FRAMEWORK = {
'DEFAULT_AUTHENTICATION_CLASSES': (
'rest_framework.authentication.SessionAuthentication'
)}
这篇关于Django Rest框架背后的HTTP基本身份验证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!