An authentication system verifies users and controls access to different parts of a web application.
Django provides a powerful built-in authentication system that handles:
- User registration
- Login and logout
- Password hashing
- User sessions
- Permissions and access control
You do not need to build authentication from scratch.
Built-in User Model
Django includes a default User model with fields like:
- username
- password
- first_name
- last_name
- is_staff
- is_superuser
It is located in:
from django.contrib.auth.models import User
Creating a Superuser
To access the admin panel:
python manage.py createsuperuser
Then log in at:
Registering a New User
Example view to create a user:
from django.contrib.auth.models import User
from django.shortcuts import render, redirect

def register(request):
    if request.method == "POST":
        username = request.POST["username"]
        password = request.POST["password"]
        # create_user() hashes the password before saving the new user
        User.objects.create_user(username=username, password=password)
        return redirect("login")
    # GET request: show the empty registration form
    return render(request, "register.html")
create_user() automatically hashes the password for security.
Login System
Django provides authentication functions.
Example login view:
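from django.contrib.auth import authenticate, login
from django.shortcuts import render, redirect

def user_login(request):
    if request.method == "POST":
        username = request.POST["username"]
        password = request.POST["password"]
        # authenticate() returns a User object, or None if the credentials are wrong
        user = authenticate(request, username=username, password=password)
        if user is not None:
            login(request, user)
            return redirect("home")
    # GET request or failed login: show the login form again
    return render(request, "login.html")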
authenticate() checks credentials.
login() creates a session for the user.
Logout System
from django.contrib.auth import logout
from django.shortcuts import redirect

def user_logout(request):
    # logout() removes the user's session data
    logout(request)
    return redirect("login")
Logout clears the user session.
Protecting Views (Login Required)
To restrict access to logged-in users:
from django.contrib.auth.decorators import login_required
from django.shortcuts import render

@login_required
def dashboard(request):
    return render(request, "dashboard.html")
If the user is not logged in, Django redirects to the login page.
In settings.py:
LOGIN_URL = "login"
Checking Authentication in Template
{% if user.is_authenticated %}
<p>Welcome, {{ user.username }}</p>
<a href="{% url 'logout' %}">Logout</a>
{% else %}
<a href="{% url 'login' %}">Login</a>
{% endif %}
Permissions and Groups
Django supports:
- User permissions
- Groups
- Admin roles
You can assign permissions through the admin panel.
Example:
- Staff users
- Superusers
- Custom role-based access
Password Security
Django automatically:
- Hashes passwords
- Protects against common attacks
- Manages sessions securely
Never store plain-text passwords.
Why Authentication is Important
Authentication helps:
- Secure user data
- Protect sensitive pages
- Control user access
- Prevent unauthorized access
- Build professional applications
Key Takeaway
Django’s built-in authentication system makes it easy to manage users securely.
It handles login, logout, registration, permissions, and password security — allowing you to focus on building features instead of implementing complex security systems from scratch.