7

If my webservice (powered by Django Rest Framework, v2.3.8) is inside a location protected by Nginx's HTTP Basic Authentication, like so:

location / {
    auth_basic           "Restricted access";
    auth_basic_user_file /path/to/htpasswd;

    uwsgi_pass django;
    include /etc/uwsgi/config/uwsgi_params;
}

Then, when a user authenticates and tries to access the API, the following response is obtained for all views:

{"detail": "Invalid username/password"}

Does Django Rest Framework pick up the HTTP Authorization header (meant for Nginx) even though the view requires no authentication? If so, how should I go about this?

Any help would be greatly appreciated.

2 Answers

8

By default, Django Rest Framework has two authentication classes, see here.

REST_FRAMEWORK = {
    'DEFAULT_AUTHENTICATION_CLASSES': (
        'rest_framework.authentication.SessionAuthentication',
        'rest_framework.authentication.BasicAuthentication'
    )
}

You can disable the rest framework authentication if you don't need it.

REST_FRAMEWORK = {
    'DEFAULT_AUTHENTICATION_CLASSES': ()
}

Or you can remove only BasicAuthentication as it will work in your case.

REST_FRAMEWORK = {
    'DEFAULT_AUTHENTICATION_CLASSES': (
        'rest_framework.authentication.SessionAuthentication'
    )
}

2 Comments

For security reasons, don't disallow the default security settings.
This answer works. You can tune application for security when you need security.
2

As noted in another post, you must add a comma next to the authentication class or it can throw a TypeError.

REST_FRAMEWORK = {
    'DEFAULT_AUTHENTICATION_CLASSES': (
        'rest_framework.authentication.SessionAuthentication',  # comma added here
    )
}

Source: https://stackoverflow.com/a/22697034/5687330
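
The behaviour discussed in both answers, as an added example that is not code from the original posts or from Django Rest Framework: a simplified model of the authentication loop, showing why a forwarded Nginx `Authorization` header is rejected even for a view that needs no login, and why the missing comma matters. The user names, passwords, `handle` and `validate_setting` are constructed for illustration.

```python
import base64

class AuthenticationFailed(Exception):
    """Stand-in for rest_framework.exceptions.AuthenticationFailed."""

# Constructed sample data: one Django account and the Nginx htpasswd login.
DJANGO_USERS = {"apiuser": "django-secret"}
NGINX_HEADER = "Basic " + base64.b64encode(b"nginxuser:htpasswd-secret").decode()

def session_authentication(environ):
    # No session cookie in this model, so this class does not apply.
    return None

def basic_authentication(environ):
    parts = environ.get("HTTP_AUTHORIZATION", "").split()
    if not parts or parts[0].lower() != "basic":
        return None  # header absent or another scheme: nothing to check
    if len(parts) != 2:
        raise AuthenticationFailed("Invalid basic header")
    user, _, password = base64.b64decode(parts[1]).decode().partition(":")
    if DJANGO_USERS.get(user) != password:
        # Credentials were supplied but match no Django user: hard failure.
        raise AuthenticationFailed("Invalid username/password")
    return user

REGISTRY = {
    "rest_framework.authentication.SessionAuthentication": session_authentication,
    "rest_framework.authentication.BasicAuthentication": basic_authentication,
}

def handle(environ, authentication_classes):
    """Model of a view with no permission requirement; returns (allowed, detail)."""
    try:
        for path in authentication_classes:
            if REGISTRY[path](environ) is not None:
                break
    except AuthenticationFailed as exc:
        return False, str(exc)
    return True, "ok"

def validate_setting(value):
    """Hypothetical check for the ('a.b.C') pitfall: no comma means a str."""
    if isinstance(value, str):
        raise TypeError("expected a tuple or list of class paths, got str")
    return tuple(value)
```
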
