Goals: To do basic authentication without using Session as authorization. This allow direct client directly access API without the need to use Login method.
After some searching in the forum, i found a post for authorization method using ApiSimpleAuthenticationManager. Which is good but not exactly what i need. And i have further question for using ApiSimpleAuthenticationManager.
When does the Session manage by ApiSimpleAuthenticationManager expired? How do we set its duration? can we set it so that it wouldn’t expire?
If the session is unable to customize, I would have chosen to do basic authentication instead.
Here is the sample server that uses HTTP Basic Auth: HttpAPIBasicAuth.zip (60.6 KB)
I’ll log an issue to add the authentication manager class from this sample into core Remoting SDK
It is managed by the same Session Manager as all other server sessions. It is possible to adjust the session manager settings to increase the session timeout to say 1 year (so sessions can be considered as non-expiring)
Yes, this is the correct place. However if you want to move this initialization code to a different place (f.e. if you do not want to have infrastructure code in the program startup class) you can define a custom Network Server (if needed I can provide a sample for this).
The Timeout property is set in seconds.
However the expiration timer is run every 60 seconds. So even if you set expiration timeout to 1 second the session will be destroyed only when the expiration timer is run. So it can be alive for up to 60 seconds.
you should set RequireHTTPAuthentication to True, specify HTTPAuthenticationRealm and handle username & password in OnHTTPAuthentication event for your HTTP server.
this is all.