[Twisted-web] HTTP basic auth

Colin Alston karnaugh at karnaugh.za.net
Tue Jan 8 05:09:43 EST 2008

On 08/01/2008 11:49 Vincent Bernat wrote:
> twisted.web2 authentication seems to be a good start, but I am using Nevow.
> Has someone already done a HTTP basic auth with nevow? In fact, my case is
> very similar to the one here:
>  http://twistedmatrix.com/pipermail/twisted-web/2007-January/003270.html
> But, as I said, Nevow's guard.py seems best suited for web app
> authentication, not for web services. Can anyone confirm/infirm?

Guard is for web based applications authentication, yes. If you're 
doing something other than this, you probably do want HTTP auth.

Doing HTTP authentication yourself for a web service should be as 
simple as returning a 403 error until you get a positive 
authentication. There may be some implementations around for doing 
this as a resource using t.cred.

Digging through some of my older work with t.w turned up the following 
(obviously extinct and horrific code, but shows what you're looking for)

class Page(object):
     def authenticateUser(self, request, passinfo):
         user, password = request.getUser(), 
         if user==passinfo['username'] and password==passinfo['password']:
             return True
         return False

     def render(self,request, realm, passinfo):
         if self.authenticateUser(request, passinfo):
             return self.documentRender(self, request)
             request.setHeader('WWW-authenticate', 'basic realm="%s"' 
% realm)
         return BaseResources.ErrorAuth().render()

Colin Alston ~ http://www.karnaugh.za.net/
"To the world you may be one person, to one person you may be the 
world" ~ Rachel Ann Nunes.

More information about the Twisted-web mailing list