Fetching Windows Auth User ID Issue in Python Flask Application on IIS with HttpPlatformHandler

Problem : Deploying Python Flask applications on IIS can be a smooth process, but occasionally, issues arise that require careful troubleshooting. One such issue involves the failure of a Flask application to retrieve the Windows Authentication user ID when using the HttpPlatformHandler. Please note that retrieving the user details was successful using WFastCGI but not with HttpPlatformHandler. Let’s see how we can fetch the user details in such scenario.

Few Pointers :

Move to HttpPlateFormHandlers form WFastCGI: WFastCGI is no longer maintained. Refer to this.

Configure Python web apps for IIS - Visual Studio (Windows) | Microsoft Learn

Configuration Adjustment:

A key step was enabling the ForwardWindowsAuthToken option in the HttpPlatformHandler configuration. This setting forwards the Windows Authentication token to the application, allowing it to be accessed and processed within the code.

Code Implementation:

After adjusting the configuration, you can update the Flask application code to fetch the Windows Authentication user ID. The following code snippet demonstrates how this was done:

This code snippet demonstrates how to use the win32api and win32security modules to impersonate the logged-on user and retrieve their username. The important element here is the x-iis-windowsauthtoken header, which contains the Windows Authentication token passed on by the HttpPlatformHandler.

Ensure Dependencies:

Please ensure that the pywin32 package is installed, as it provides the necessary functionality to interact with Windows APIs within the Python environment.

For further information, refer to the following resources:

• Configure Web Apps for IIS in Python
• HttpPlatformHandler Configuration Reference