Authentication Question

Using Delphi and the following components:
TRoIndyHTTPChannel, TRoBinMessage, TRoRemoteService, TRoDynamicRequest.

What would be the best way in order to keep unauthorized clients from connecting servers exposed on Internet?

I think to use TRoAESEncryptionEnvelope filling it with the same password at the client and server.

Is it a way to do that?

AES envelope will help.
also you can use HTTPS protocol
Indy based channels supports SSL certificates.

I’m very interested in using HTTPS. Do you have any example or the documentation link where I could find more information?

I’ve attached example of SSL server.
client and server are combined into one project, but it can be easily split to two projects:
testcase.zip (42.3 KB)

pls read also the Handling Self-Signed Certificates article

Wonderful! I give it a try. Thanks.

Hi
I am wondering if there is a way to catch only TRoAESEncryptionEnvelope errors (for instance, wrong passwords) at the client in the authentication step of the connection.

no, you can’t
but you can create a TROAESEncryptionEnvelope descendant and write some data like control sum before encoding into the end of stream and validate it after decoding.
ofc, you need to remove it after validation from stream

OK.
Is there a better way to catch any connection problem in the client? In which component?

I am thinking of using TROServerExceptionEvent of TROBinMessage.

you are right

I just need a validation here. The code I’m using - at client - to place password in envelope is:

var
    lEnv: TROAESEncryptionEnvelope;
    lItem: TROMessageEnvelopeItem; 
begin
    lEnv := TROAESEncryptionEnvelope.Create(nil);
    lEnv.Password := 'some_password';
    lEnv.EnvelopeMarker := 'AES';

    lItem := TROMessageEnvelopeItem( FMsg.Envelopes.Add );
    lItem.Envelope := lEnv;
    lItem.Enabled := true;
end

It’s working.
I suppose that TROMessageEnvelopeItem would be destroyed when its array (TRoMessageEnvelope) and its parent (TRoBinMessage ) are destroyed but I don’t know for sure.
Moreover (and mode important) is when and where would TROAESEncryptionEnvelope be destroyed? Should I have to destroy it by myself?

lItem will be destroyed automatically
lEnv won’t be destroyed automatically unless you create it as TROAESEncryptionEnvelope.Create(Self);