Windows authentication with Django and Angular?

Question

I am trying to implement the single sign-on using Angular, Django, IIS server.

In IIS windows authentication is enabled.

Angular intercepter code :

intercept(req: HttpRequest<any>, next: HttpHandler):Observable<HttpEvent<any>> {   
 console.log("in intercept")   
 req = req.clone({  
 withCredentials: true });    
return next.handle(req);  }

Django settings.py:

MIDDLEWARE = [    
'django.middleware.security.SecurityMiddleware',    'django.contrib.sessions.middleware.SessionMiddleware',    'corsheaders.middleware.CorsMiddleware',    'django.middleware.common.CommonMiddleware',    'django.middleware.csrf.CsrfViewMiddleware',    'django.contrib.auth.middleware.AuthenticationMiddleware',    'django.contrib.auth.middleware.RemoteUserMiddleware',    'django.contrib.messages.middleware.MessageMiddleware',    'django.middleware.clickjacking.XFrameOptionsMiddleware',]

AUTHENTICATION_BACKENDS = (    'django.contrib.auth.backends.RemoteUserBackend',)

CORS_ORIGIN_ALLOW_ALL = True

ALLOWED_HOSTS = ["*"]

Getting error: (IP-address) has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

score 1 · Answer 1 · answered Feb 01 '19 at 23:00

The problem will lie in the Django setup, please have a look at this link: https://stackoverflow.com/a/38162454/4587598

If at first try won't work, strip all settings.py and setup from scratch, firstly checking if CORS issue does not occur and afterwards add authentication complexity.

score 1 · Accepted Answer · answered Feb 04 '19 at 10:24

1

Try this configuration in settings.py

CORS_ORIGIN_ALLOW_ALL = True CORS_ALLOW_CREDENTIALS = True

CORS_ALLOW_CREDENTIALS = True # This one is required when you are using withCredentials: true

answered Feb 04 '19 at 10:24

partha

154
7

score 0 · Answer 3 · answered Feb 04 '19 at 09:32

try django-cors-headers pip install django-cors-headers

And set it up In your settings.py

INSTALLED_APPS = (
    ...
    'corsheaders',
    ...
)

You will also need to add a middleware class to listen in on responses:

MIDDLEWARE = [  # Or MIDDLEWARE_CLASSES on Django < 1.10
    ...
    'corsheaders.middleware.CorsMiddleware',
    'django.middleware.common.CommonMiddleware',
    ...
]

CorsMiddleware should be placed as high as possible, especially before any middleware that can generate responses such as Django's CommonMiddleware

CORS_ORIGIN_ALLOW_ALL = True

Windows authentication with Django and Angular?

3 Answers3