[Trac] Authentication, IIS, Ticket 1522

Markus Fuchs trac at yeahware.com
Thu Jun 16 05:19:08 CDT 2005 

I'm working on a solution for http://projects.edgewall.com/trac/ticket/1522
in order to get Trac work with our Small Business Server 2003 (IIS6).
My plan is to catch all requests where path_info == '/login' but
req.remote_user is not yet set (this is the case on IIS when attempt to
login while granting anonymous access to Trac) and send a 401 header.

This basically works since req.remote_user gets set with the correct (NT)
username that was also added to Trac's users list. But unfortunately I only
get logged in to Trac when removing the req.redirect(referer or
env.href.wiki()) line (see source code below).

Could someone please explain why I cannot redirect after a 401
WWW-Authenticate header?

Markus

---

def dispatch_request(path_info, req, env):
    """
    Main entry point for the Trac web interface.
    """

    # [MF] added to get authentication to work with IIS
    if not req.remote_user and path_info == '/login':
        req.send_response(401)
        req.send_header('WWW-Authenticate', 'Basic realm="%s"' % 'default')
        req.end_headers()
        return

    # Re-parse the configuration file if it changed
    # since the last the time it was parsed
    env.config.parse_if_needed()

    base_url = env.config.get('trac', 'base_url')
    if not base_url:
        base_url = absolute_url(req)
    req.base_url = base_url
    req.path_info = path_info

    env.href = Href(req.cgi_location)
    env.abs_href = Href(req.base_url)

    db = env.get_db_cnx()

    try:
        try:
            from trac.web.auth import Authenticator
            check_ip = env.config.get('trac', 'check_auth_ip')
            check_ip = check_ip.strip().lower() in TRUE
            authenticator = Authenticator(db, req, check_ip)
            if path_info == '/logout':
                authenticator.logout()
                referer = req.get_header('Referer')
                if referer and not referer.startswith(req.base_url):
                    # only redirect to referer if the latter is from
                    # the same instance
                    referer = None
                req.redirect(referer or env.href.wiki())
            elif req.remote_user:
                authenticator.login(req)
                if path_info == '/login':
                    referer = req.get_header('Referer')
                    if referer and not referer.startswith(req.base_url):
                        # only redirect to referer if the latter is from the
                        # same instance
                        referer = None
                    req.redirect(referer or env.href.wiki())     # <-- [MF]
comment out and you'll get logged in!
            env.log.error('after redirect')
            req.authname = authenticator.authname
            req.perm = PermissionCache(db, req.authname)

            newsession = req.args.has_key('newsession')
            req.session = Session(env, db, req, newsession)

            try:
                dispatcher = RequestDispatcher(env)
                dispatcher.dispatch(req)
            finally:
                # Give the session a chance to persist changes
                req.session.save()

        except RequestDone:
            pass

    finally:
        db.close()

More information about the Trac mailing list