A simple authentication backend to support Azure App Service "easyauth" authentication on top of Django's built-in user authentication system.
A user authenticating with a Django app that is already signed in under App Service Authentication will have their email address checked against the app's Users list. If matched, they will be logged in automatically. Otherwise, they will fall back to Django's default login process.
From your Django project, run:
wget https://github.com/corylk/django-easyauth/releases/download/v0.1/django-easyauth-0.1.tar.gz
python -m pip install --user django-easyauth-0.1.tar.gzINSTALLED_APPS = [
'easy_auth',
...
]AUTHENTICATION_BACKENDS = [
'easy_auth.backends.EasyAuthBackend',
]Specify the path that is the current login URL to ensure that unauthenticated users are redirected to the right view. The path must be specified before any projects that might override it (e.g. admin).
For example if the login URL is admin/login/, then add:
urlpatterns = [
path('admin/login/', include('easy_auth.urls')),
...
]By default, the user ID (email) is expected in the X-MS-CLIENT-PRINCIPAL-NAME header provided by App Service (read more). To change which claim is used, specify a different header with USERID_HEADER:
USERID_HEADER = 'x-ms-some-other-header'The header name is case insensitive.
By default, authenticated users will still be able to access the Django login form if accessed directly. This behavior can be changed with REDIRECT_AUTH_USERS, along with LOGIN_REDIRECT_URL.
Before enabling this feature, read more about the risks of doing this here.
REDIRECT_AUTH_USERS = True
LOGIN_REDIRECT_URL = '/admin'If you want to override the template of the fallback login form, the template path can be changed with LOGIN_TEMPLATE:
LOGIN_TEMPLATE = 'path/to/your/login.html'