[70388 Closed] Http logon / authentication

bobokonijn · October 31, 2014, 7:20am

Hello Remobjects team,

I am about to start a project which will run as an ISAPI DLL (SOAP webservice) eventually. When it’s ready, it must support the standard http authentication (user name and password) mechanism.

During development, I’d like to create TWO projects, one will be a standard EXE with built-in webserver to facilitate debugging and the other one will contain the same units but work as an ISAPI.

My question: How do I implement the http authentication in a standalone exe?

Kind regards,
Arthur Hoornweg

EvgenyK · October 31, 2014, 8:51am

If you are using HTTP server, you can implement OnGetDispatchInfo event as

procedure TNewService.RORemoteDataModuleGetDispatchInfo(
  const aTransport: IROTransport; const aMessage: IROMessage);
var
  l: IROHTTPRequest;
begin
  if Supports(aTransport,IROHTTPRequest,l) then begin
    if l.UsesAuthentication then begin
      //l.AuthUsername
      //l.AuthPassword
    end
    else begin
      raise Exception.Create('Authentication required');
    end;
  end;
end;

bobokonijn · November 10, 2014, 2:19pm

I am sorry, it isn’t clear to me.

I have started a simple server project (Delphi executable, troIndyHttpServer, roSoapMessage). I implemented the event exactly asyou suggested above.

Now I start my browser and type http://localhost:8099/SOAP. The browser shows me the wsdl. Shouldn’t it ask for a user name/password?

Kind regards,
Arthur

EvgenyK · November 11, 2014, 8:44am

At this moment, you can check http authentication only before call of service methods.
Logged as 70388.

as a temporary workaround, you can update uROBaseHTTPServer.pas as

TROHTTPAuthentication = procedure(Sender:TROBaseHTTPServer; aUserName, aPassword: string; var aLoginSuccessful: Boolean) of object;

TROBaseHTTPServer = class(TROCustomHTTPServer)
private
  fOnHTTPAuthentication: TROHTTPAuthentication;
published
   property OnHTTPAuthentication: TROHTTPAuthentication read fOnHTTPAuthentication write fOnHTTPAuthentication;


procedure TROBaseHTTPServer.ProcessRequest(const aTransport: IROHTTPTransportEx;
  const aRequestStream: TStream; out aResponseStream: TROBinaryMemoryStream;
  const aResponse: IROHTTPResponse);
var
  l: IROHTTPRequest;
  lLoginSuccessful: Boolean;
...
    aResponse.Headers[id_AcceptEncoding] := HTTP_SupportedEncoding;  // existing
    // added
    if assigned(fOnHTTPAuthentication) then begin
       Supports(aTransport,IROHTTPRequest,l);
       lLoginSuccessful := False;
       fOnHTTPAuthentication(self, l.AuthUsername, l.AuthPassword, lLoginSuccessful);
       if not lLoginSuccessful then begin
         aResponseStream := TROBinaryMemoryStream.Create;
         aResponse.Code := HTTP_401_code;
         aResponse.Status:= HTTP_401_status;
         WriteAnsiError(HTTP_401_status);
         exit;
       end;
    end;
    // end added

RemObjectsSoftware · November 21, 2014, 2:06pm

bugs://70388 got closed as fixed