Pass username from apache Basic Authentication to cherrypy

I need to use apache basic authentication for part of my application. I would like to get the authenticated username from apache, but I cannot seem to find where to access it. I can see the username in the apache log, so I know it's there somewhere. After the user is authenticated by apache, the request is sent via proxy to a cherrypy server.

Here is the section of my apache vhost config:

<Location /ical>
  AuthType Basic
  AuthBasicProvider ldap
  AuthName "Example Calendar Login"
  AuthLDAPUrl "ldaps://ldap.example.net/ou=People,dc=example,dc=net?uid"
  Require valid-user

  ProxyPass http://localhost:8082/                                                                                                                                                                                                     
  ProxyPassReverse http://localhost:8082/                                                                                                                                                                                              
  SetEnv proxy-nokeepalive 1
</Location>

The user authentication and proxy bit is working just fine. Once the request is authenticated and sent to cherrypy, here are the headers I have in cherrypy:

(Pdb) pp cherrypy.request.headers
{'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
 'Accept-Charset': 'ISO-8859-1,utf-8;q=0.7,*;q=0.7',
 'Accept-Encoding': 'gzip,deflate',
 'Accept-Language': 'en-us,en;q=0.5',
 'Authorization': 'Basic xxxxxxxxxxx',
 'Connection': 'close',
 'Host': 'sub.example.net',
 'If-None-Match': 'e5b0879ce68fcce5b960ce4281c8d706',
 'Remote-Addr': '10.132.32.86',
 'User-Agent': 'Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.10) Gecko/20100915 Ubuntu/10.04 (lucid) Firefox/3.6.10',
 'X-Forwarded-For': 'xx.xx.xx.xx, xx.xx.xx.xx',
 'X-Forwarded-Host': 'sub.example.net, sub.example.net',
 'X-Forwarded-Server': 'sub.example.net, sub'}

Can anyone help me access the username from apache basic auth?


I have added a header to pass the authenticated user based on apache.

RewriteEngine On
RewriteCond %{REMOTE_USER} ^(.*)$
RewriteRule ^(.*)$ - [E=R_U:%1]
RequestHeader set X-Remote-User %{R_U}e

Your cherrypy application is receiving the Basic Auth information, since we see this in the headers:

'Authorization': 'Basic xxxxxxxxxxxxxxxxxxxxxx==',

You just need to:

  1. decode the Base64 string 'xxxxxxxxxxxxxxxxxxxxxx==', and
  2. extract the username from the decoded username:password string.

Since this isn't stackoverflow ;) , I won't bother giving an exact python implementation of the above, but it should get you started. The Wikipedia entry on Basic access authentication is quite informative and contains code snippets in various languages.

(Just a security note about this question: If you used a real username/password in generating the headers included in your question, be aware that you have revealed it to the world in the text of the 'Authorization' header above, since anyone who wants to can trivially decode it!)

Edit: I have 'x'-ed out the Authorization string.