OData authentication problems

I’m messing about with the OData support in my Delphi server but I can’t seem to get the authentication to work.

The old documentation wiki says this for the HttpAuthLoginServiceName:

When it’s set, the name used should be the name of a SimpleLoginService descendant with a Login method implementation.

I don’t understand this as the Login method isn’t virtual so how can I override it in a descendant class. If I try then, sure enough, the Login method of my descendant service, specified in the above property, is never called. When I test with LINQPad, I just keep getting 401 Unauthorized errors.

Can anyone give me any pointers?

authentication steps:

  • TDAODataSchemaDispatcher.OnLoginNeeded event (if assigned)
  • TDAODataSchemaDispatcher.HttpAuthLoginServiceName.OnLogin event (it was called from Login method)

you can set breakpoint at TDAODataSchemaDispatcher.DoAuthenticate (uDAODataDispatcher.pas) and review what is wrong

Thanks - I’m probably just being thick but is there an example of this anywhere? I know very little about OData and have just been asked about it by someone else.

wizard should create a working ODATA server if correspondent option is set.
you can open http://localhost:8099/odata in browser like IE, FireFox, etc and it will ask for password

Sorry to resurrect after three years but as you can tell I’m looking at this again.

Regards authentication, is there a way I can unify this with HttpApi? I’ve already got that working with a Login method which returns the new session GUID, which I then supply in the Access-Token header for future REST calls. Is there a way I can supply that to ODATA to re-use the same session/authentication?

Hi,

yes, you can reuse the same session.
for ODATA, you should provide received Access-Token value as header or query value:

  lSessionId := aRec^.lRequest.Headers['clientid'];
  if lSessionId = '' then lSessionId := aRec^.lRequest.Headers['sessionid'];
  if lSessionId = '' then lSessionId := aRec^.lRequest.Headers['session'];
  if lSessionId = '' then lSessionId := aRec^.lRequest.GetQueryString('session');
  if lSessionId = '' then lSessionId := aRec^.lRequest.GetQueryString('sessionid');