Jump to content

Fetching Windows Auth User ID Issue in Python Flask Application on IIS with HttpPlatformHandler

Guest PradeepSharma

By Guest PradeepSharma
in Microsoft Support & Discussions

 Share

Recommended Posts

Guest PradeepSharma

Guest PradeepSharma

Posted
Posted

Problem : Deploying Python Flask applications on IIS can be a smooth process, but occasionally, issues arise that require careful troubleshooting. One such issue involves the failure of a Flask application to retrieve the Windows Authentication user ID when using the HttpPlatformHandler. Please note that retrieving the user details was successful using WFastCGI but not with HttpPlatformHandler. Let’s see how we can fetch the user details in such scenario.

 

 

 

Few Pointers :

 

Move to HttpPlateFormHandlers form WFastCGI: WFastCGI is no longer maintained. Refer to this.

 

Configure Python web apps for IIS - Visual Studio (Windows) | Microsoft Learn

 

 

 

[ATTACH type=full" alt="PradeepSharma_0-1724942153250.png]64137[/ATTACH]

 

 

 

Configuration Adjustment:

 

A key step was enabling the ForwardWindowsAuthToken option in the HttpPlatformHandler configuration. This setting forwards the Windows Authentication token to the application, allowing it to be accessed and processed within the code.

 

[ATTACH type=full" alt="PradeepSharma_1-1724942153254.png]64138[/ATTACH]

 

 

 

Code Implementation:

 

After adjusting the configuration, you can update the Flask application code to fetch the Windows Authentication user ID. The following code snippet demonstrates how this was done:

 

 

 


from flask import Flask, request, render_template

import os

import win32api

import win32security



def create_app():

app = Flask(__name__)



@app.route("/")

def hello_world():

s_vars = request.environ

user = os.environ.get('USERNAME')

handle_str = request.headers['x-iis-windowsauthtoken']

handle = int(handle_str,16)

win32security.ImpersonateLoggedOnUser(handle)

user1 = win32api.GetUserName()

win32api.CloseHandle(handle)

return f"Hello World!: {user1}"



return app

 

 

 

This code snippet demonstrates how to use the win32api and win32security modules to impersonate the logged-on user and retrieve their username. The important element here is the x-iis-windowsauthtoken header, which contains the Windows Authentication token passed on by the HttpPlatformHandler.

 

 

 

Ensure Dependencies:

 

Please ensure that the pywin32 package is installed, as it provides the necessary functionality to interact with Windows APIs within the Python environment.

 

 

 

[ATTACH type=full" alt="PradeepSharma_2-1724942153254.jpeg]64139[/ATTACH]

 

 

For further information, refer to the following resources:

 

 

Continue reading...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...