Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/rob-blackbourn/bareasgi-sspi
ASGI middleware for SSPI authentication
https://github.com/rob-blackbourn/bareasgi-sspi
asgi asyncio bareasgi hypercorn python python3 spnego sspi uvicorn windows
Last synced: 23 days ago
JSON representation
ASGI middleware for SSPI authentication
- Host: GitHub
- URL: https://github.com/rob-blackbourn/bareasgi-sspi
- Owner: rob-blackbourn
- License: apache-2.0
- Created: 2022-09-10T10:14:06.000Z (over 2 years ago)
- Default Branch: master
- Last Pushed: 2022-10-12T11:03:45.000Z (about 2 years ago)
- Last Synced: 2024-11-20T07:28:05.404Z (about 1 month ago)
- Topics: asgi, asyncio, bareasgi, hypercorn, python, python3, spnego, sspi, uvicorn, windows
- Language: Python
- Homepage:
- Size: 91.8 KB
- Stars: 0
- Watchers: 2
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# bareASGI-sspi
[ASGI](https://asgi.readthedocs.io/en/latest/index.html) middleware
for the [bareASGI](https://github.com/rob-blackbourn/bareASGI) framework
providing [SSPI](https://en.wikipedia.org/wiki/Security_Support_Provider_Interface) authentication
on Windows.The implementation uses the [pyspnego](https://github.com/jborean93/pyspnego) package.
There is also a generic ASGI server middleware implementation in the package
[jetblack-asgi-sspi](https://github.com/rob-blackbourn/jetblack-asgi-sspi).## Installation
Install from the pie store.
```
pip install bareasgi-sspi
```## Usage
The following program uses the
[Hypercorn](https://pgjones.gitlab.io/hypercorn/)
ASGI server.```python
import asyncio
import logging
from typing import Optionalfrom bareasgi import Application, HttpRequest, HttpResponse
from bareutils import text_writer
from hypercorn import Config
from hypercorn.asyncio import servefrom bareasgi_sspi import add_sspi_middleware, sspi_details
# A callback to display the results of the SSPI middleware.
async def http_request_callback(request: HttpRequest) -> HttpResponse:
# Get the details from the request context request['sspi']. Note if
# authentication failed this might be absent or empty.
sspi = sspi_details(request)
client_principal = (
sspi['client_principal']
if sspi is not None
else 'unknown'
)
return HttpResponse(
200,
[(b'content-type', b'text/plain')],
text_writer(f"Authenticated as '{client_principal}'")
)async def main_async():
# Make the ASGI application using the middleware.
app = Application()
app.http_router.add({'GET'}, '/', http_request_callback)# Add the middleware. Change the protocol from Negotiate to NTLM,
# and allow unauthenticated requests to pass through.
add_sspi_middleware(
app,
protocol=b'NTLM',
forbid_unauthenticated=False
)# Start the ASGI server.
config = Config()
config.bind = ['localhost:9023']
await serve(app, config)if __name__ == '__main__':
logging.basicConfig(level=logging.DEBUG)
asyncio.run(main_async())
```### Arguments
Optional arguments include:
* `protocol` (`bytes`): Either `b"Negotiate"` or `b"NTLM"` (for systems not part of a domain).
* `service` (`str`): The SPN service. Defaults to `"HTTP"`.
* `hostname` (`str`, optional): The hostname. Defaults to he result of `socket.gethostname()`.
* `session_duration` (`timedelta`, optional): The duration of a session. Defaults to 1 hour.
* `forbid_unauthenticated` (`bool`): If true, and authentication fails, send 403 (Forbidden). Otherwise handle the request unauthenticated.
* `context_key` (`str`, optional): The key used in the request context. Defaults to `sspi`.
* `whitelist` (`Sequence[str]`, optional): Paths not to authenticate. Defaults to `()`.### Results
If the authentication is successful the SSPI details are added to the
`context` dictionary of the HttpRequest object with the key `"sspi"`
(if not overridden). There is a helper method `sspi_details` for this.The following properties are set:
* `"client_principal"` (`str`): The username of the client.
* `"negotiated_protocol"` (`str`): The negotiated protocol.
* `"protocol"` (`str`): The requested protocol.
* `"spn"` (`str`): The SPN of the server.