Today I'm dealing with a Python3 script that has to do a http post request and send a mail.
The Python script is launched on a Windows PC that is in a corporate network protected by Forefront.
The user is logged with his secret credentials and can access to the internet through a proxy.
Like the other non-Microsoft applications (i.e. Chrome), I want my script to connect to the internet without prompt the user for his username and password.
How can I do this?
On Microsoft OSes, the authentication used is Kerberos, so you won't be able to use directly your ID + password.
I'm on Linux, so I can't test it directly but I think that you can create a proxy with fiddler which can negociate the authentication for you, and you can use this proxy with python.
Fiddler's Composer will automatically respond to authentication challenges (including the Negotiate protocol which wraps Kerberos) if you tick the Authentication box on the Options subtab, in the menus.
Related
How to configure Gmail API on a AWS Ubuntu VPS? I am able to make it work properly on my Linux Machine, but after I run the code on my VPS, it asks me to authenticate by visiting the URL. I copied the URL and tried authenticating myself. While authenticating myself in browser, I am redirected to localhost:<random-port>?state=... and cannot authenticate myself as it cannot connect to localhost. How can I configure this properly on my Ubuntu VPS?
i have used the default code provided by google developers: https://developers.google.com/gmail/api/quickstart/python
I have encountered the same problem.
When you will try to authenticate using your browser, it will try to redirect you to some localhost URL. Just copy that localhost URL, log in to your VPS, open the terminal, type python3 (or python), and finally type these commands:
import requests
url = "http://localhost:xxxxx-url-you-got-in-your-browswer"
resp = requests.get(url)
exit()
After these commands, it should generate a Gmail API token.
I'm creating a python flask api on remote desktop and running it on localhost of remote desktop.
Is there anyway I can access this api from my local machine?
We are working in a team and I want to share this with my team members, but this is confidential and not to be deployed on open server.
We want to post and get the result with every member's local machine from api runnnig on remote desktop.
Both of our local machines and remote desktop are windows10.
Sorry for being abstract but I'm searching for any way out. Thanks.
Well, you should open your way to this API. You'll have to set up a VPN or IP address filter in the server so you can access the server from your network while still have it secured on the Internet. You can also setup a simpler proxy if you prefer it. I'll not cover the details on how to setup a VPN or proxy since it can get pretty extensive, but a Google search will help you out find the best alternative for you.
AFAIK, the Remote Desktop Protocol does not allow for any kind of VPN. However, if you can switch to TeamViewer, it does have an easy to setup VPN system that will allow you to get into the network with few configuration. Once a VPN is configured, it will work like if you were in the same network as the server, so from there you can access your API from your host machine by just going to the IP address of the server.
Do notice the security policies of whoever owns the server, since you can get into trouble if you don't have permission to enable some access from the outside. Security goes always in front of comfort.
Short term solution:
Firstly download ngrok for your operating system.
For debugging and testing purposes you can expose a secure tunnel connection to your API by running this command in your command prompt / terminal.
ngrok http <PORT_NUMBER>-host-header="localhost:<PORT_NUMBER>"
Where PORT_NUMBER is the port number in which your flask application is running.
Example if your flask application is running at port 5000 then simply execute this command:
ngrok http 5000 -host-header="localhost:5000"
Running this will give you two hostnames one with HTTP and other a secure HTTPS connected by a tunnel like this for a duration of 8 hours after which the command needs to again re-run.
Which you can call remotely
Long term solution:
Deploy flask application using FastCGI
or
To a cloud infrastructure provider like Microsoft Azure which gives readymade templates for flask applications.
I have a python script that needs to make an http request (using the requests library) to an IIS server with ntlm authentication.
The script will run on a RedHat box, where the user's login credentials are authenticated with ActiveDirectory.
If you have a valid username/password for the AD domain, and therefore the web server, the use of requests-ntlm to authenticate to the server is obvious enough.
But what I'd like to do is to be able to authenticate to the web server using the user's session on the RedHat box, so the user doesn't have to type in their username & password again. Is this possible/how do you do this?
When I logon to my company's computer with the AD username/password, I find that my Outlook will launch successfully. That means the AD authentication has passed.
In my opinion, outlook retrieves the AD user information, then sends it to an LDAP server to verify.
But I don't know how it retrieves the information, or by some other methods?
You are right, there is an ongoing communication between your workstation and the Active Directory server, which can use LDAP protocol.
Since I don't know what you tried so far, I suggest that you look into the python module python-ldap. I have used it in the past to connect, query and modify information on Active-Directory servers.
I'm writing a master-control script to control our infrastructure. Security is a major concern so I'd like to address two issues:
I want the user to be able to execute the application then be prompted to 'login' to the program using the root credentials on the system(Linux - Ubuntu). Failure to authenticate will trigger an email event and lock the program. Can I authenticate against /etc/passwd? And how can I lockout the application?
Second, how do I secure the application from modification? I may have to hard-code certain attributes into the application. What are the ideal permissions for a script to be executed but not edited?
While this is a non-trivial solution, the most secure way to do this is taking a client/server approach, making your master-control script a system service, only readable and runnable by root. You can fire up the service via init.d startup infrastructure.
When the service starts, you'd need to open a socket or RPC server to handle your control commands. On Python this can easily be done using Twisted.
To authenticate via /etc/passwd you can use the crypt and pwd Python modules.