如何为Django视图提供基本的HTTP身份验证?

I've been spending hours trying to find a way to have Basic HTTP Authentication for one of my views. These are several of the solutions I've tried but have had no success. The request is still be processed even with no authentication. I'm using version 1.4.3 of Django. Here is my Django view:

我花了好几个小时试图找到一种方法，使我的一个视图具有基本的HTTP身份验证。这是我尝试过的几种解决方案，但都没有成功。即使没有身份验证，请求仍然被处理。我使用的是Django的1.4.3版本。这是我的Django视图:

@csrf_exempt
def facebook(request):
        if request.user.is_authenticated():
                fb_value= ast.literal_eval(request.body)
                queryset = Poster.objects.all().filter(fb_id__in = fb_value.values())
                data = serializers.serialize('json', queryset, fields = ('picture','fb_id',))
                return HttpResponse(data, 'application/javascript')
        else:
                return HttpResponse("This user is not authenticated")

I sent in the request without authentication, and it still returned results. This is not suppose to happen.

我在没有身份验证的情况下发送了请求，它仍然返回结果。这是不应该发生的。

Another solution I tried was from a Django Snippet I found called, view by view basic authentication decorator

我尝试过的另一个解决方案来自于我找到的Django代码片段，名为view by view basic authentication decorator

I made a httpauth.py and copied the code over from the snippet:

我做了一个httpauth。py将代码从代码片段中复制过来:

from mydjangoapp.httpauth import *

@csrf_exempt
@logged_in_or_basicauth()
def facebook(request):
        fb_value= ast.literal_eval(request.body)
        queryset = Poster.objects.all().filter(fb_id__in = fb_value.values())
        data = serializers.serialize('json', queryset, fields = ('picture','fb_id',))
        return HttpResponse(data, 'application/javascript')

I sent the request without authentication, and it still returned results. After exhausting all options, I turned to Django's very own @login_required decorator:

我没有进行身份验证就发送了请求，它仍然返回结果。在用尽了所有选项之后，我转向Django自己的@login_required decorator:

from django.contrib.auth.decorators import login_required

@csrf_exempt
@login_required
def facebook(request):
        fb_value= ast.literal_eval(request.body)
        queryset = Poster.objects.all().filter(fb_id__in = fb_value.values())
        data = serializers.serialize('json', queryset, fields = ('picture','fb_id',))
        return HttpResponse(data, 'application/javascript')

Here is more information about my settings.py:

这里有更多关于我的设置的信息。

MIDDLEWARE_CLASSES = (
        'django.middleware.common.CommonMiddleware',
        'django.contrib.sessions.middleware.SessionMiddleware',
        'django.middleware.csrf.CsrfViewMiddleware',
        'django.contrib.auth.middleware.AuthenticationMiddleware',
        'django.contrib.messages.middleware.MessageMiddleware',
)

AUTHENTICATION_BACKENDS = (
        'django.contrib.auth.backends.ModelBackend',
)

After trying all of these options, I don't know what to do. Is there anything I am missing here?!

在尝试了所有这些选项之后，我不知道该怎么做。这里有什么我错过的吗?!

1 个解决方案

#1

This really isn't much of an answer. I'm sorry that I have to post it here, but the system has cut me off from the comment section.

这并不是一个很好的答案。很抱歉，我必须在这里发布，但是系统把我从评论区切断了。

I don't see any issues with your example with using the @login_required decorator. This is typically how I do it on my Django sites. This leads me to believe that you have 1 of 2 things going on here:

我没有使用@login_required decorator来查看示例中的任何问题。这是我在Django站点上的典型做法。这让我相信你有两件事:

You have a configuration issue in your settings file
在设置文件中有一个配置问题
During initial testing, you have actually authenticated and created a session.
在初始测试期间，您实际上已经验证并创建了会话。

Again, I don't think your problem is with your code. Please post what you finally determine is the issue so that I (and others) may learn from it.

再说一遍，我不认为你的问题在于你的代码。请发布您最终确定的问题，以便我(和其他人)可以从中学习。

#1