Re: [web2py] Re: Restful API with HTTPS and authentication
YES! This was the solution for me as well. Thanks! On Tuesday, September 17, 2013 at 3:31:14 AM UTC-7, Fredrik wrote: > > It turns out I needed to add this to the Apache config: > *WSGIPassAuthorization > On* > > With the line added everything works well. I couldn't find any > documentation on that in the web2py book and I do not know if it has > something to do with my particular setup and versions. > > Now all decorators works according to documentation and i can use, for > instance "wget -qO- --no-check-certificate --auth-no-challenge > --user=[username] --password=[passeword] > https://my.server.com/api/action.json; > > On Tuesday, September 17, 2013 11:23:00 AM UTC+2, Michele Comitini wrote: >> >> Fredrik, >> >> You should be able to use http basic authentication on ssl. >> You can also use x509 auth if you want to use client side certificates >> (still using web2py auth_* tables). >> I do not understand what is the exact error on your client. Can you post >> it? >> >> mic >> >> >> >> 2013/9/17 Fredrik>> >>> Hi Larry, >>> >>> thanks for the quick reply. It might have something to do with the >>> certificate. Me calling it a production server is actually not totally >>> correct, it's more of a staging server, and therefore the SSL certificate >>> does not match the domain name. >>> >>> Using basic auth was more of a way to find out what is going wrong. Our >>> goal is to have API authentication based on the auth table in web2py. With >>> basic auth and Apache/WSGI, aren't we restricted to a password-file and >>> therefore a separate user/pass set than in web2py? >>> >>> >>> On Monday, September 16, 2013 6:08:14 PM UTC+2, Larry Weinberg wrote: >>> I'm doing exactly that and not running into troubles. Could it be something about your SSL certificate? If it's not a well trusted certificate sometimes you need to install it on the client side. Does it match the domain name you are calling? I test my server with the following python code and I can use basic authentication with restful calls: import requests from requests.auth import HTTPBasicAuth import json user = 'myn...@my.com' passwd = 'mypassword' url= 'http://mysrver/app/controller/resfullcall.json' r = requests.get(url, auth=HTTPBasicAuth(user, passwd)) # print r.text # Decode the JSON response and get the access token decodedDict = json.loads(r.text) -- >>> Resources: >>> - http://web2py.com >>> - http://web2py.com/book (Documentation) >>> - http://github.com/web2py/web2py (Source code) >>> - https://code.google.com/p/web2py/issues/list (Report Issues) >>> --- >>> You received this message because you are subscribed to the Google >>> Groups "web2py-users" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to web2py+un...@googlegroups.com. >>> For more options, visit https://groups.google.com/groups/opt_out. >>> >> >> -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[web2py] Re: Restful API with HTTPS and authentication
Hi Larry, thanks for the quick reply. It might have something to do with the certificate. Me calling it a production server is actually not totally correct, it's more of a staging server, and therefore the SSL certificate does not match the domain name. Using basic auth was more of a way to find out what is going wrong. Our goal is to have API authentication based on the auth table in web2py. With basic auth and Apache/WSGI, aren't we restricted to a password-file and therefore a separate user/pass set than in web2py? On Monday, September 16, 2013 6:08:14 PM UTC+2, Larry Weinberg wrote: I'm doing exactly that and not running into troubles. Could it be something about your SSL certificate? If it's not a well trusted certificate sometimes you need to install it on the client side. Does it match the domain name you are calling? I test my server with the following python code and I can use basic authentication with restful calls: import requests from requests.auth import HTTPBasicAuth import json user = 'myn...@my.com javascript:' passwd = 'mypassword' url= 'http://mysrver/app/controller/resfullcall.json' r = requests.get(url, auth=HTTPBasicAuth(user, passwd)) # print r.text # Decode the JSON response and get the access token decodedDict = json.loads(r.text) -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups web2py-users group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [web2py] Re: Restful API with HTTPS and authentication
Fredrik, You should be able to use http basic authentication on ssl. You can also use x509 auth if you want to use client side certificates (still using web2py auth_* tables). I do not understand what is the exact error on your client. Can you post it? mic 2013/9/17 Fredrik fredrik.zetterg...@gmail.com Hi Larry, thanks for the quick reply. It might have something to do with the certificate. Me calling it a production server is actually not totally correct, it's more of a staging server, and therefore the SSL certificate does not match the domain name. Using basic auth was more of a way to find out what is going wrong. Our goal is to have API authentication based on the auth table in web2py. With basic auth and Apache/WSGI, aren't we restricted to a password-file and therefore a separate user/pass set than in web2py? On Monday, September 16, 2013 6:08:14 PM UTC+2, Larry Weinberg wrote: I'm doing exactly that and not running into troubles. Could it be something about your SSL certificate? If it's not a well trusted certificate sometimes you need to install it on the client side. Does it match the domain name you are calling? I test my server with the following python code and I can use basic authentication with restful calls: import requests from requests.auth import HTTPBasicAuth import json user = 'myn...@my.com' passwd = 'mypassword' url= 'http://mysrver/app/**controller/resfullcall.jsonhttp://mysrver/app/controller/resfullcall.json ' r = requests.get(url, auth=HTTPBasicAuth(user, passwd)) # print r.text # Decode the JSON response and get the access token decodedDict = json.loads(r.text) -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups web2py-users group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out. -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups web2py-users group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [web2py] Re: Restful API with HTTPS and authentication
It turns out I needed to add this to the Apache config: On Tuesday, September 17, 2013 11:23:00 AM UTC+2, Michele Comitini wrote: Fredrik, You should be able to use http basic authentication on ssl. You can also use x509 auth if you want to use client side certificates (still using web2py auth_* tables). I do not understand what is the exact error on your client. Can you post it? mic 2013/9/17 Fredrik fredrik.z...@gmail.com javascript: Hi Larry, thanks for the quick reply. It might have something to do with the certificate. Me calling it a production server is actually not totally correct, it's more of a staging server, and therefore the SSL certificate does not match the domain name. Using basic auth was more of a way to find out what is going wrong. Our goal is to have API authentication based on the auth table in web2py. With basic auth and Apache/WSGI, aren't we restricted to a password-file and therefore a separate user/pass set than in web2py? On Monday, September 16, 2013 6:08:14 PM UTC+2, Larry Weinberg wrote: I'm doing exactly that and not running into troubles. Could it be something about your SSL certificate? If it's not a well trusted certificate sometimes you need to install it on the client side. Does it match the domain name you are calling? I test my server with the following python code and I can use basic authentication with restful calls: import requests from requests.auth import HTTPBasicAuth import json user = 'myn...@my.com' passwd = 'mypassword' url= 'http://mysrver/app/**controller/resfullcall.jsonhttp://mysrver/app/controller/resfullcall.json ' r = requests.get(url, auth=HTTPBasicAuth(user, passwd)) # print r.text # Decode the JSON response and get the access token decodedDict = json.loads(r.text) -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups web2py-users group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+un...@googlegroups.com javascript:. For more options, visit https://groups.google.com/groups/opt_out. -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups web2py-users group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
[web2py] Re: Restful API with HTTPS and authentication
I'm doing exactly that and not running into troubles. Could it be something about your SSL certificate? If it's not a well trusted certificate sometimes you need to install it on the client side. Does it match the domain name you are calling? I test my server with the following python code and I can use basic authentication with restful calls: import requests from requests.auth import HTTPBasicAuth import json user = 'myn...@my.com' passwd = 'mypassword' url= 'http://mysrver/app/controller/resfullcall.json' r = requests.get(url, auth=HTTPBasicAuth(user, passwd)) # print r.text # Decode the JSON response and get the access token decodedDict = json.loads(r.text) -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups web2py-users group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.