Re: [web2py] Re: Restful API with HTTPS and authentication

2016-10-11 Thread Keith Phillips 
YES!  This was the solution for me as well.  Thanks!

On Tuesday, September 17, 2013 at 3:31:14 AM UTC-7, Fredrik wrote:
>
> It turns out I needed to add this to the Apache config: 
> *WSGIPassAuthorization 
> On*
>
> With the line added everything works well. I couldn't find any 
> documentation on that in the web2py book and I do not know if it has 
> something to do with my particular setup and versions.
>
> Now all decorators works according to documentation and i can use, for 
> instance "wget -qO- --no-check-certificate --auth-no-challenge 
> --user=[username] --password=[passeword] 
> https://my.server.com/api/action.json;
>
> On Tuesday, September 17, 2013 11:23:00 AM UTC+2, Michele Comitini wrote:
>>
>> Fredrik,
>>
>> You should be able to use http basic authentication on ssl.
>> You can also use x509 auth if you want to use client side certificates 
>> (still using web2py auth_* tables).
>> I do not understand what is the exact error on your client. Can you post 
>> it?
>>
>> mic
>>
>>
>>
>> 2013/9/17 Fredrik 
>>
>>> Hi Larry,
>>>
>>> thanks for the quick reply. It might have something to do with the 
>>> certificate. Me calling it a production server is actually not totally 
>>> correct, it's more of a staging server, and therefore the SSL certificate 
>>> does not match the domain name.
>>>
>>> Using basic auth was more of a way to find out what is going wrong. Our 
>>> goal is to have API authentication based on the auth table in web2py. With 
>>> basic auth and Apache/WSGI, aren't we restricted to a password-file and 
>>> therefore a separate user/pass set than in web2py?
>>>
>>>
>>> On Monday, September 16, 2013 6:08:14 PM UTC+2, Larry Weinberg wrote:
>>>
 I'm doing exactly that and not running into troubles.
 Could it be something about your SSL certificate?  If it's not a well 
 trusted certificate sometimes you need to install it on the client side.
 Does it match the domain name you are calling?

 I test my server with the following python code and I can use basic 
 authentication with restful calls:

 import requests
 from   requests.auth import HTTPBasicAuth
 import json

 user  = 'myn...@my.com'
 passwd = 'mypassword'
 url= 'http://mysrver/app/controller/resfullcall.json'
 r   = requests.get(url, auth=HTTPBasicAuth(user, passwd))
 # print r.text

 # Decode the JSON response and get the access token
 decodedDict = json.loads(r.text)


 -- 
>>> Resources:
>>> - http://web2py.com
>>> - http://web2py.com/book (Documentation)
>>> - http://github.com/web2py/web2py (Source code)
>>> - https://code.google.com/p/web2py/issues/list (Report Issues)
>>> --- 
>>> You received this message because you are subscribed to the Google 
>>> Groups "web2py-users" group.
>>> To unsubscribe from this group and stop receiving emails from it, send 
>>> an email to web2py+un...@googlegroups.com.
>>> For more options, visit https://groups.google.com/groups/opt_out.
>>>
>>
>>

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[web2py] Re: Restful API with HTTPS and authentication

2013-09-17 Thread Fredrik 
Hi Larry,

thanks for the quick reply. It might have something to do with the 
certificate. Me calling it a production server is actually not totally 
correct, it's more of a staging server, and therefore the SSL certificate 
does not match the domain name.

Using basic auth was more of a way to find out what is going wrong. Our 
goal is to have API authentication based on the auth table in web2py. With 
basic auth and Apache/WSGI, aren't we restricted to a password-file and 
therefore a separate user/pass set than in web2py?


On Monday, September 16, 2013 6:08:14 PM UTC+2, Larry Weinberg wrote:

 I'm doing exactly that and not running into troubles.
 Could it be something about your SSL certificate?  If it's not a well 
 trusted certificate sometimes you need to install it on the client side.
 Does it match the domain name you are calling?

 I test my server with the following python code and I can use basic 
 authentication with restful calls:

 import requests
 from   requests.auth import HTTPBasicAuth
 import json

 user  = 'myn...@my.com javascript:'
 passwd = 'mypassword'
 url= 'http://mysrver/app/controller/resfullcall.json'
 r   = requests.get(url, auth=HTTPBasicAuth(user, passwd))
 # print r.text

 # Decode the JSON response and get the access token
 decodedDict = json.loads(r.text)




-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
web2py-users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [web2py] Re: Restful API with HTTPS and authentication

2013-09-17 Thread Michele Comitini 
Fredrik,

You should be able to use http basic authentication on ssl.
You can also use x509 auth if you want to use client side certificates
(still using web2py auth_* tables).
I do not understand what is the exact error on your client. Can you post it?

mic



2013/9/17 Fredrik fredrik.zetterg...@gmail.com

 Hi Larry,

 thanks for the quick reply. It might have something to do with the
 certificate. Me calling it a production server is actually not totally
 correct, it's more of a staging server, and therefore the SSL certificate
 does not match the domain name.

 Using basic auth was more of a way to find out what is going wrong. Our
 goal is to have API authentication based on the auth table in web2py. With
 basic auth and Apache/WSGI, aren't we restricted to a password-file and
 therefore a separate user/pass set than in web2py?


 On Monday, September 16, 2013 6:08:14 PM UTC+2, Larry Weinberg wrote:

 I'm doing exactly that and not running into troubles.
 Could it be something about your SSL certificate?  If it's not a well
 trusted certificate sometimes you need to install it on the client side.
 Does it match the domain name you are calling?

 I test my server with the following python code and I can use basic
 authentication with restful calls:

 import requests
 from   requests.auth import HTTPBasicAuth
 import json

 user  = 'myn...@my.com'
 passwd = 'mypassword'
 url= 
 'http://mysrver/app/**controller/resfullcall.jsonhttp://mysrver/app/controller/resfullcall.json
 '
 r   = requests.get(url, auth=HTTPBasicAuth(user, passwd))
 # print r.text

 # Decode the JSON response and get the access token
 decodedDict = json.loads(r.text)


  --
 Resources:
 - http://web2py.com
 - http://web2py.com/book (Documentation)
 - http://github.com/web2py/web2py (Source code)
 - https://code.google.com/p/web2py/issues/list (Report Issues)
 ---
 You received this message because you are subscribed to the Google Groups
 web2py-users group.
 To unsubscribe from this group and stop receiving emails from it, send an
 email to web2py+unsubscr...@googlegroups.com.
 For more options, visit https://groups.google.com/groups/opt_out.


-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
web2py-users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [web2py] Re: Restful API with HTTPS and authentication

2013-09-17 Thread Fredrik 
It turns out I needed to add this to the Apache config:


On Tuesday, September 17, 2013 11:23:00 AM UTC+2, Michele Comitini wrote:

 Fredrik,

 You should be able to use http basic authentication on ssl.
 You can also use x509 auth if you want to use client side certificates 
 (still using web2py auth_* tables).
 I do not understand what is the exact error on your client. Can you post 
 it?

 mic



 2013/9/17 Fredrik fredrik.z...@gmail.com javascript:

 Hi Larry,

 thanks for the quick reply. It might have something to do with the 
 certificate. Me calling it a production server is actually not totally 
 correct, it's more of a staging server, and therefore the SSL certificate 
 does not match the domain name.

 Using basic auth was more of a way to find out what is going wrong. Our 
 goal is to have API authentication based on the auth table in web2py. With 
 basic auth and Apache/WSGI, aren't we restricted to a password-file and 
 therefore a separate user/pass set than in web2py?


 On Monday, September 16, 2013 6:08:14 PM UTC+2, Larry Weinberg wrote:

 I'm doing exactly that and not running into troubles.
 Could it be something about your SSL certificate?  If it's not a well 
 trusted certificate sometimes you need to install it on the client side.
 Does it match the domain name you are calling?

 I test my server with the following python code and I can use basic 
 authentication with restful calls:

 import requests
 from   requests.auth import HTTPBasicAuth
 import json

 user  = 'myn...@my.com'
 passwd = 'mypassword'
 url= 
 'http://mysrver/app/**controller/resfullcall.jsonhttp://mysrver/app/controller/resfullcall.json
 '
 r   = requests.get(url, auth=HTTPBasicAuth(user, passwd))
 # print r.text

 # Decode the JSON response and get the access token
 decodedDict = json.loads(r.text)


  -- 
 Resources:
 - http://web2py.com
 - http://web2py.com/book (Documentation)
 - http://github.com/web2py/web2py (Source code)
 - https://code.google.com/p/web2py/issues/list (Report Issues)
 --- 
 You received this message because you are subscribed to the Google Groups 
 web2py-users group.
 To unsubscribe from this group and stop receiving emails from it, send an 
 email to web2py+un...@googlegroups.com javascript:.
 For more options, visit https://groups.google.com/groups/opt_out.




-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
web2py-users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

[web2py] Re: Restful API with HTTPS and authentication

2013-09-16 Thread Larry Weinberg 
I'm doing exactly that and not running into troubles.
Could it be something about your SSL certificate?  If it's not a well 
trusted certificate sometimes you need to install it on the client side.
Does it match the domain name you are calling?

I test my server with the following python code and I can use basic 
authentication with restful calls:

import requests
from   requests.auth import HTTPBasicAuth
import json

user  = 'myn...@my.com'
passwd = 'mypassword'
url= 'http://mysrver/app/controller/resfullcall.json'
r   = requests.get(url, auth=HTTPBasicAuth(user, passwd))
# print r.text

# Decode the JSON response and get the access token
decodedDict = json.loads(r.text)


-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
web2py-users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.