swatt at infobal
Jun 3, 2009, 7:07 AM
Views: 433
Permalink
|
|
Applying external web server authentication: is there a better way?
|
|
I'm developing an app which uses IIS and FastCGI as its back end. Also,
we are expected by the client to use Windows integrated authentication
in the server -- this is an intranet app, so no login screen should be
expected.
Picking up the user id is fairly easy - it's set as the REMOTE_USER CGI
header by IIS authentication, and the engine puts it into the deprecated
$c->request->user. I was using this as the identity (bad, I know) and
got burned by the fact that we couldn't properly test multiple users
with Test::WWW::Mechanize::Catalyst.
I wanted to switch to Catalyst::Plugin::Authentication. This seemed a
little unusual when we aren't really doing any authentication, but
trying to read the one already performed, so I put together a
Catalyst::Authentication::Credential::Environment module, that simply
reads (the still deprecated) $c->request->user. I didn't really want to
do all the authentication with Catalyst::Plugin::Authentication, even
though is seems possible. And testing was now easy, we got per-user
sessions, and everything. Anyway, what I wrote as the main method was:
sub authenticate {
my ( $self, $c, $realm, $auth_info ) = @_;
$c->log->debug("Using environment authentication");
my $username = $c->request->user();
if ( defined( $username ) && ( $username ne '' )) {
my $user_obj = $realm->find_user( { username => $username }, $c );
if ( ref( $user_obj ) ) {
$user_obj->id( $username );
return $user_obj;
}
}
return;
}
Is there another simple but better way to achieve this? Ideally one
which avoids the deprecated $c->request->user. I'm only starting to use
Catalyst for authentication stuff.
All the best
Stuart
--
Stuart Watt
ARM Product Developer
Information Balance
|
Applying external web server authentication: is there a better way?
