Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/rob-blackbourn/bareasgi-sspi

ASGI middleware for SSPI authentication
https://github.com/rob-blackbourn/bareasgi-sspi

asgi asyncio bareasgi hypercorn python python3 spnego sspi uvicorn windows

Last synced: about 1 month ago
JSON representation

ASGI middleware for SSPI authentication

Awesome Lists containing this project

README 

        
# bareASGI-sspi



[ASGI](https://asgi.readthedocs.io/en/latest/index.html) middleware

for the [bareASGI](https://github.com/rob-blackbourn/bareASGI) framework

providing [SSPI](https://en.wikipedia.org/wiki/Security_Support_Provider_Interface) authentication

on Windows.



The implementation uses the [pyspnego](https://github.com/jborean93/pyspnego) package.



There is also a generic ASGI server middleware implementation in the package

[jetblack-asgi-sspi](https://github.com/rob-blackbourn/jetblack-asgi-sspi).



## Installation



Install from the pie store.



```

pip install bareasgi-sspi

```



## Usage



The following program uses the

[Hypercorn](https://pgjones.gitlab.io/hypercorn/)

ASGI server.



```python

import asyncio

import logging

from typing import Optional



from bareasgi import Application, HttpRequest, HttpResponse

from bareutils import text_writer

from hypercorn import Config

from hypercorn.asyncio import serve



from bareasgi_sspi import add_sspi_middleware, sspi_details



# A callback to display the results of the SSPI middleware.

async def http_request_callback(request: HttpRequest) -> HttpResponse:

    # Get the details from the request context request['sspi']. Note if

    # authentication failed this might be absent or empty.

    sspi = sspi_details(request)

    client_principal = (

        sspi['client_principal']

        if sspi is not None

        else 'unknown'

    )

    return HttpResponse(

        200,

        [(b'content-type', b'text/plain')],

        text_writer(f"Authenticated as '{client_principal}'")

    )



async def main_async():

    # Make the ASGI application using the middleware.

    app = Application()

    app.http_router.add({'GET'}, '/', http_request_callback)



    # Add the middleware. Change the protocol from Negotiate to NTLM,

    # and allow unauthenticated requests to pass through.

    add_sspi_middleware(

        app,

        protocol=b'NTLM',

        forbid_unauthenticated=False

    )



    # Start the ASGI server.

    config = Config()

    config.bind = ['localhost:9023']

    await serve(app, config)



if __name__ == '__main__':

    logging.basicConfig(level=logging.DEBUG)

    asyncio.run(main_async())

```



### Arguments



Optional arguments include:



* `protocol` (`bytes`): Either `b"Negotiate"` or `b"NTLM"` (for systems not part of a domain).

* `service` (`str`): The SPN service. Defaults to `"HTTP"`.

* `hostname` (`str`, optional): The hostname. Defaults to he result of `socket.gethostname()`.

* `session_duration` (`timedelta`, optional): The duration of a session. Defaults to 1 hour.

* `forbid_unauthenticated` (`bool`): If true, and authentication fails, send 403 (Forbidden). Otherwise handle the request unauthenticated.

* `context_key` (`str`, optional): The key used in the request context. Defaults to `sspi`.

* `whitelist` (`Sequence[str]`, optional): Paths not to authenticate. Defaults to `()`.



### Results



If the authentication is successful the SSPI details are added to the

`context` dictionary of the HttpRequest object with the key `"sspi"`

(if not overridden). There is a helper method `sspi_details` for this.



The following properties are set:



* `"client_principal"` (`str`): The username of the client.

* `"negotiated_protocol"` (`str`): The negotiated protocol.

* `"protocol"` (`str`): The requested protocol.

* `"spn"` (`str`): The SPN of the server.