ASGI middleware for SSPI
Project description
jetblack-asgi-sspi
ASGI middleware for SSPI authentication on Windows.
This is not specific to a particular ASGI framework or server.
Installation
Install from the pie store.
pip install jetblack-asgi-sspi
Usage
The following program uses the Hypercorn ASGI server, and the bareASGI ASGI framework.
import asyncio
import logging
from bareasgi import Application, HttpRequest, HttpResponse
from bareutils import text_writer
from hypercorn import Config
from hypercorn.asyncio import serve
from jetblack_asgi_sspi.spnego_middleware import SPNEGOMiddleware, SSPIDetails
# A callback to display the results of the SSPI middleware.
async def http_request_callback(request: HttpRequest) -> HttpResponse:
# Get the details from scope['extensions']['sspi']. Note if
# authentication failed this might be absent or empty.
extensions = request.scope.get('extensions', {})
sspi_details = extensions.get('sspi', {})
client_principal = sspi_details.get('client_principal', 'unknown')
message = f"Authenticated as '{client_principal}'"
return HttpResponse(
200,
[(b'content-type', b'text/plain')],
text_writer(message)
)
async def main_async():
# Make the ASGI application.
app = Application()
app.http_router.add({'GET'}, '/', http_request_callback)
# Wrap the application with the middleware.
wrapped_app = SPNEGOMiddleware(
app,
protocol=b'NTLM', # NTLM or Negotiate
forbid_unauthenticated=True
)
# Start the ASGI server.
config = Config()
config.bind = ['localhost:9023']
await serve(wrapped_app, config)
if __name__ == '__main__':
logging.basicConfig(level=logging.DEBUG)
asyncio.run(main_async())
Arguments
The SPNEGOMiddleware
wraps the ASGI application. The first and only
positional argument is the ASGI application. Optional arguments include:
protocol
(bytes
): Eitherb"Negotiate"
orb"NTLM"
(for systems not part of a domain).service
(str
): The SPN service. Defaults to"HTTP"
.hostname
(str
, optional): The hostname. Defaults togethostname
.session_duration
(timedelta
, optional): The duration of a session. Defaults to 1 hour.forbid_unauthenticated
(bool
): If true, and authentication fails, send 403 (Forbidden). Otherwise handle the request unauthenticated.
Results
If the authentication is successful the SSPI details are added to the
"extensions"
property of the ASGI scope under the property "sspi"
.
The following properties are set:
"client_principal"
(str
): The username of the client."negotiated_protocol"
(str
): The negotiated protocol."protocol"
(str
): The requested protocol."spn"
(str
): The SPN of the server.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Close
Hashes for jetblack-asgi-sspi-1.0.0rc0.tar.gz
Algorithm | Hash digest | |
---|---|---|
SHA256 | 293b57ee575e103ab58686805d414da0732d90f6af8e97fc68af3fb127a520da |
|
MD5 | 9b38caeef17be2c2bdc2b65525481a01 |
|
BLAKE2b-256 | e73c373e8c856caa2512bbef444c0b1b7dd01a3a7ee6e425311e1e16e3248146 |
Close
Hashes for jetblack_asgi_sspi-1.0.0rc0-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 3700e885ccfcc3c413099e4ae04a777e67449462112f2bb31ffaed078abee152 |
|
MD5 | 8ba99c23b157974f39afe8ce61060679 |
|
BLAKE2b-256 | 5a854bd9f17bbf36a5e62bd4fbc6636cbd30233ada11bfbd6d79ac9a381c03b3 |