Django Rest框架背后的HTTP基本身份验证 [英] Django Rest Framework behind HTTP Basic Authentication

问题描述

如果我的webservice（由Django Rest Framework v2.3.8提供支持）位于受Nginx HTTP基本身份验证保护的位置，如下所示：

If my webservice (powered by Django Rest Framework, v2.3.8) is inside a location protected by Nginx's HTTP Basic Authentication, like so:

location / {
            auth_basic           "Restricted access";
            auth_basic_user_file /path/to/htpasswd;

            uwsgi_pass django;
            include /etc/uwsgi/config/uwsgi_params;
    }

然后，当用户验证并尝试访问API时，以下响应获得所有视图：

Then, when a user authenticate and tries to access the API, the following response is obtained for all views:

{"detail": "Invalid username/password"}

即使视图不需要身份验证，Django Rest Framework会接收HTTP Authorization标头（适用于Nginx）吗？如果是这样，我该怎么办？

Does Django Rest Framework pick up the HTTP Authorization header (meant for Nginx) even though the view requires no authentication? If so, how should I go about this?

任何帮助都将不胜感激。

Any help would be greatly appreciated.

推荐答案

默认情况下，Django Rest Framework有两个身份验证类，请参阅这里。

By default, Django Rest Framework has two authentication classes, see here.

REST_FRAMEWORK = {
'DEFAULT_AUTHENTICATION_CLASSES': (
    'rest_framework.authentication.SessionAuthentication',
    'rest_framework.authentication.BasicAuthentication'
)}

您可以禁用其余框架如果你不需要认证。

You can disable the rest framework authentication if you don't need it.

REST_FRAMEWORK = {
    'DEFAULT_AUTHENTICATION_CLASSES': ()
}

或者您只能删除 BasicAuthentication ，因为它将适用于您的案例。 （
'rest_framework.authentication.SessionAuthentication'
）

Or you can remove only BasicAuthentication as it will work in your case.

REST_FRAMEWORK = {
'DEFAULT_AUTHENTICATION_CLASSES': (
    'rest_framework.authentication.SessionAuthentication'
)}

这篇关于Django Rest框架背后的HTTP基本身份验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！