Using soap header to authenticate user in stateless mode

Bob_Murdoch · May 28, 2016, 1:33am

Using Delphi with the latest ROSDK:

We are implementing a service that will require the client to send user id and password in the soap header on each method call.

I see that TROSoapMessage has a HeaderNode property, but which event would I use to evaluate that header?

Thank you.

EvgenyK · May 30, 2016, 8:34am

you can use OnGetDispatchInfo event like

procedure TMegaDemoService.RORemoteDataModuleGetDispatchInfo(const aTransport: IROTransport;
  const aMessage: IROMessage);
var
  k: IXMLNode;
  soap: IROSOAPMEssage;
begin
  if Supports(aMessage, IROSOAPMEssage, soap) then begin
    k := soap.HeaderNode;
    // do something
  end;
end;

Bob_Murdoch · June 3, 2016, 8:30pm

Thanks Evgeny - that works perfectly.

However, how can we update the WSDL in our server so that the client that implements the WSDL is aware that the username and password are required in the header?

EvgenyK · June 6, 2016, 8:44am

so do you want to send username&password at each client request?
we send ROClientIDHeader tag that specifies client session if on server-side by default in ROD

Bob_Murdoch · June 6, 2016, 1:11pm

Yes, the client would send user-id/password on each request in the header. The customer of this API cannot handle session tracking on their side, so they don’t want/can’t use the ROClientIDHeader.

The service is working for them if they manually modify the header on their side, but they would like the .Net importer to parse the WSDL and create the header class for them.

EvgenyK · June 6, 2016, 1:27pm

pls read this article - Tip: Implement implicit and explicit SOAP headers

Bob_Murdoch · June 7, 2016, 12:54pm

Thank you Evgeny, that is certainly an interesting article.

Is there an event in RemObjects that allows us to inject these implicit or explicit headers? I haven’t had any luck finding one yet.

EvgenyK · June 7, 2016, 12:57pm

you can use OnEnvelopeComplete event of TROSOAPMessage

JA · June 7, 2016, 3:12pm

We have already tried the suggested solution of using OnEnvelopeComplete to adjust the outgoing WSDL. The problem is OnEnvelopeComplete doesn’t fire on the server when a client requests the WSDL. After looking through the TROSOAPMessage object, it looks like the GetModuleInfo method is responsible for converting the RODL spec into a WSDL spec. We haven’t been to find an event that lets us manipulate the WSDL content before it is sent back in a response.

EvgenyK · June 8, 2016, 8:15am

this is a bit tricky.
declare this class near to your server:

TMySOAPMessage = class(TROSOAPMessage)
protected
  procedure GetModuleInfo(aStream : TStream; const aTransport : IROTransport; var aFormat : TDataFormat); override;
end;

procedure TMySOAPMessage.GetModuleInfo(aStream: TStream; const aTransport: IROTransport; var aFormat: TDataFormat);
begin
  inherited GetModuleInfo(aStream, aTransport, aFormat);
  // modify content of stream 
end;

register it instead of std TROSOAPMessage:

procedure TServerForm.FormCreate(Sender: TObject);
var
  fdisp : TROHTTPDispatcher;
begin
  fdisp := TROHTTPDispatcher(ROServer.Dispatchers.Add);
  fdisp.Message := TMySOAPMessage.Create(Self);
  fdisp.PathInfo := '/soap';
  ROServer.Active := true;
end;

JA · June 10, 2016, 10:29am

Thank you. Your information was very useful, and helped us add the desired extra WSDL details.