151

I'm trying to use basic HTTP authentication in Python. I am using the Requests library:

auth = requests.post('http://' + hostname, auth=HTTPBasicAuth(user, password))
request = requests.get('http://' + hostname + '/rest/applications')

Response form auth variable:

<<class 'requests.cookies.RequestsCookieJar'>[<Cookie JSESSIONID=cb10906c6219c07f887dff5312fb for appdynamics/controller>]>
200
CaseInsensitiveDict({'content-encoding': 'gzip', 'x-powered-by': 'JSP/2.2', 'transfer-encoding': 'chunked', 'set-cookie': 'JSESSIONID=cb10906c6219c07f887dff5312fb; Path=/controller; HttpOnly', 'expires': 'Wed, 05 Nov 2014 19:03:37 GMT', 'server': 'nginx/1.1.19', 'connection': 'keep-alive', 'pragma': 'no-cache', 'cache-control': 'max-age=78000', 'date': 'Tue, 04 Nov 2014 21:23:37 GMT', 'content-type': 'text/html;charset=ISO-8859-1'})

But when I try to get data from different location, I'm getting HTTP Status 401 error:

<<class 'requests.cookies.RequestsCookieJar'>[]>
401
CaseInsensitiveDict({'content-length': '1073', 'x-powered-by': 'Servlet/3.0 JSP/2.2 (GlassFish Server Open Source Edition 3.1.2.2 Java/Oracle Corporation/1.7)', 'expires': 'Thu, 01 Jan 1970 00:00:00 UTC', 'server': 'nginx/1.1.19', 'connection': 'keep-alive', 'pragma': 'No-cache', 'cache-control': 'no-cache', 'date': 'Tue, 04 Nov 2014 21:23:37 GMT', 'content-type': 'text/html', 'www-authenticate': 'Basic realm="controller_realm"'})

As far as I understand, in the second request session parameters are not substituted.

Improve this question
3
  • 1
    You need to include code for making the second request Commented Nov 4, 2014 at 21:37
  • I don't know how to do it, and I can't find an appropriate manual Commented Nov 4, 2014 at 21:43
  • 3
    I mean, you need to include your code for the second request. By second request are you referring to the 'get' request? Commented Nov 4, 2014 at 21:47

6 Answers 6

Reset to default
160

You need to use a session object and send the authentication each request. The session will also track cookies for you:

session = requests.Session()
session.auth = (user, password)

auth = session.post('http://' + hostname)
response = session.get('http://' + hostname + '/rest/applications')
Improve this answer
Sign up to request clarification or add additional context in comments.

7 Comments

Thanks for your reply, but it's doesn't work too :( Error is the same as previous
@oleksii: define 'does not work'. And when you use POST (with no parameters, I note), does the server return any token or anything that you'd need to use for the REST API here? In other words, what does the documentation for the API state you need to do?
@Sarit how so? Note that I link to the official documentation in my answer.
@MartijnPieters After read your comment 10th fimes. I still not understand. I can use basicAuth in the Postman. Postman will digest username/password into header Authorization: Basic <....>. But I could not be able to connect why I need session here, but it works! What's wrong with @oleksii attempt?
@Sarit: The header needs to be included in every request that you send to the server; usually the only way the server can authenticate you based on the header being present, no other info. The easiest way to add the header to every request is to use a session. You don't have to, but then you have to include the header manually in each request.
|
124 
import requests

from requests.auth import HTTPBasicAuth
res = requests.post('https://api.github.com/user', auth=HTTPBasicAuth('user', 'password'))
print(res)
Improve this answer

2 Comments

requests.posts does not work for me but requests.get does, there is also a shorter version requests.get(url, auth=(username, password))
This doesn't answer the question, which is about using the session cookie to authenticate subsequent requests.
57

In Python3 it becomes easy:

import requests
response = requests.get(uri, auth=(user, password))
Improve this answer

2 Comments

You may need to additionally install requests-toolbelt pip install requests-toolbelt
This doesn't answer the question, which is about using the session cookie to authenticate subsequent requests.
3

Below one worked for me

#!/usr/bin/python3
import xml.etree.ElementTree as ET
import requests
from requests.auth import HTTPBasicAuth

url = 'http://172.25.38.135:600/service/xx/users'      # my URL     
response = requests.get(url, auth=HTTPBasicAuth('admin', 'adminpass!'))

string_xml = response.content
tree = ET.fromstring(string_xml)
ET.dump(tree)
Improve this answer

1 Comment

This doesn't answer the question, which is about using the session cookie to authenticate subsequent requests.
0

for python 2:

base64string = base64.encodestring('%s:%s' % (username, password)).replace('\n', '')

request = urllib2.Request(url)

request.add_header("Authorization", "Basic %s" % base64string) 

result = urllib2.urlopen(request)
        data = result.read()
Improve this answer

1 Comment

This doesn't answer the question, which is about using the session cookie to authenticate subsequent requests.
-2

The following worked for me

from requests.auth import HTTPDigestAuth
url = 'https://someserver.com'
requests.get(url, auth=HTTPDigestAuth('user', 'pass'))
Improve this answer

1 Comment

This doesn't answer the question, which is about using the session cookie to authenticate subsequent requests.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.