# Authentication backend using a Windows NT domain controller.
# To activate, store this file as mysite/winauth.py and use:
# AUTHENTICATION_BACKENDS = ('mysite.winauth.DomainControllerAuthBackend',)
# in your settings.py.
#
# Needs pywin32 extensions installed (and obviously only runs on Windows).
# Author: Bastian Kleineidam
from django.contrib.auth.models import User
from django.contrib.auth.backends import ModelBackend
import win32security
# Domain name passed to LogonUser when auth() is called without an explicit
# `domain` argument. Adjust this for your site (you can also store it in
# settings.py).
DEFAULT_DOMAIN = "INTRANET"
class DomainControllerAuthBackend(ModelBackend):
    """Django backend that checks passwords against a Windows domain controller.

    Only accounts that already exist in Django's User table can log in; an
    unknown username is rejected before the domain controller is contacted.
    Superusers are treated as local accounts: their password is compared with
    the one stored in the Django model and auth() is never called for them.
    """

    def authenticate(self, username=None, password=None):
        """Return the matching User when the credentials verify, else None."""
        try:
            account = User.objects.get(username=username)
        except User.DoesNotExist:
            return None

        if account.is_superuser:
            # Superusers never reach the domain controller, so the password
            # stored in Django is the only credential protecting them.
            verified = account.check_password(password)
        else:
            verified = auth(username, password)

        return account if verified else None
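def auth(username, password, domain=DEFAULT_DOMAIN):
    """Check user credentials against a Windows domain controller.

    Calls win32security.LogonUser with LOGON32_LOGON_NETWORK and the default
    logon provider.

    Args:
        username: Account name to log on with.
        password: Clear-text password for that account.
        domain: Domain to authenticate against (defaults to DEFAULT_DOMAIN).

    Returns:
        True if LogonUser succeeded, else False. Missing or empty
        credentials are refused without contacting the domain controller.
    """
    import logging

    # Refuse blank credentials up front: a None/empty password should never
    # be able to produce a successful logon through this backend.
    if not username or not password:
        return False

    try:
        token = win32security.LogonUser(
            username, domain, password,
            win32security.LOGON32_LOGON_NETWORK,
            win32security.LOGON32_PROVIDER_DEFAULT)
    except win32security.error as exc:
        # Record the failure so repeated bad logons are visible to whoever
        # monitors the application; the password must never be logged.
        logging.getLogger(__name__).warning(
            "Domain logon failed for %r in domain %r: %s",
            username, domain, exc)
        return False

    # The token handle only proves the logon worked. Close it instead of
    # returning it, so callers get the documented bool and the handle is
    # released immediately.
    token.Close()
    return True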