Reading IIS Session Variables from Flask App with wfastcgi.py
I'm building a secured app with Flask 0.12 on IIS 7.0. The site is on a subdomain so its urls all begin with:
https://<subdomain>.<domain>/<app_name>/
wfastcgi.py strips away these prefixes and passes only the route names to my Flask app. So the above URL would be presented to my app as route /. There are other web apps (ASP.net and PHP) hosted on the same subdomain but with different app_name constants.
Since my users are required to login to the server before hitting my app, I'd like to use their Windows domain unique user ids to manage page-by-page permissions in the app. In ASP.NET I could do this using the httpcontext but that isn't available in Flask. And when I dump the session contents like so:
@app.route('/session_tester')
def session_test():
return str(session)
I get an empty page in response.
How can I access my IIS session variables from the Flask App? Is there a configuration variable I'm missing?
When a user is authenticated by IIS, their username is present in the REMOTE_USER environment variable. Other contextual information is also stored in different environment variables. You can configure which variables are made available to the application, but REMOTE_USER and a few others should be there by default.
So, you should be able to get the logged in user by os.environ.get('REMOTE_USER').
@app.route('/')
def index():
username = os.environ.get('REMOTE_USER')
template = "<h1>User: {{ username }}</h1>"
return render_template_string(template, username=username)
If you want your Flask session to be aware of the user session, you need to have users log into the Flask app, not IIS. Alternatively, you can have a middleware that logs users into your Flask app based on the REMOTE_USER environment variable. This should be achievable using the flask_login extension, for example.
Edit:
You can also access environment variables via the request proxy object. e.g. request.environ['REMOTE_USER']. See also request.authorization