Maintenance Port

Remoting SDK
1

Hi guys,

I want to create two access ports for my server:

  1. Normal port (8099) where services can be accessed via https externally.
  2. Maintenance port (8000) where only one ‘MaintenanceService’ can be accessed

I want clients accessing the server from port 8000 to have access to all services but those accessing the server from port 8099 to have access to all services BUT the ‘MaintenanceService’.
Currently I have a TROIndyHTTPServer which gives access over port 8099.
How do I restrict access to only specific services?

Thanks

2

Hi,
the easiest way - use different server/message types for different ports.
for example - usual HTTP should be used for normal port and ,say, SuperTCP for maintenance one or Bin message for normal users and another message type for maintenance.

in this way with GetDispatchInfo event you can distinguish what server/message was used.

another way: add roles.
You can assign maintenance role to MaintenanceService and users who don’t have this role can’t access to this server.
Role for users can be set in Login method.
Roles for Services/methods can be set in ServiceBuilder for RODL-based services or via RORole attribute for Code-First based services.

3

Hi
Is there any example of using RORole in CodeFirst based services? I couldn’t figure out how the client will show its credencials or roles to the server.

4

you can do it like:

  • server-side, declaration
  [RORole('Maintenance')]
  TMaintenanceService = class(TRORemoteDataModule, INewService)
  • server-side, login method
function TLoginService.Login(const UserID: Unicodestring; const Password: Unicodestring): boolean;
..
    if UserID = 'maintenance_user' then  
        Session.Roles := StringToStringArray('Maintenance');
5

Is there any way to verify the role without using login? Our services don’t use it (we authenticate via TRoAESEncryptionEnvelope…).

6

Hi,

you can try to use OnValidateRoles event and return True