+- Atozed Forums (https://www.atozed.com/forums)
+-- Forum: Atozed Software (https://www.atozed.com/forums/forum-1.html)
+--- Forum: IntraWeb (https://www.atozed.com/forums/forum-3.html)
+---- Forum: English (https://www.atozed.com/forums/forum-16.html)
+----- Forum: IntraWeb General Discussion (https://www.atozed.com/forums/forum-4.html)
+----- Thread: IW cant Handle Authentication Header (/thread-2434.html)
Pages:
1
2
IW cant Handle Authentication Header - yonghu058 - 06-17-2021
Request with header
Code:
Authorization: Bearer ACCESS_TOKENreport Unsupport Authorization xxxx
waht can i do?
RE: IW cant Handle Authentication Header - kudzu - 06-17-2021
Please provide more context.
RE: IW cant Handle Authentication Header - yonghu058 - 06-17-2021
(06-17-2021, 03:17 PM)kudzu Wrote: Please provide more context.
Create StandAlone(Indy) Webapplication
Run It
Then Make a Request like {Can User Httpdebug Tool Like Fiddler}
Code:
GET http://127.0.0.1:8088/ HTTP/1.1
User-Agent: Fiddler
Authorization: Bearer ACCESS_TOKEN
Host: 127.0.0.1:8088Then Application will Report
Quote:Project Project1.exe raised exception class EInHTTPUnsupportedAuthorisationScheme with message 'Unsupported authorization scheme.'.
Any ServerControl Event is Trick
RE: IW cant Handle Authentication Header - yonghu058 - 06-18-2021
(06-17-2021, 03:17 PM)kudzu Wrote: Please provide more context.
The Problem is From Indy
How Can I get Server in IW,Then Set OnParseAuthentication Event Will be Ok
RE: IW cant Handle Authentication Header - rlebeau - 06-18-2021
(06-17-2021, 06:01 PM)yonghu058 Wrote: Project Project1.exe raised exception class EInHTTPUnsupportedAuthorisationScheme with message 'Unsupported authorization scheme.'.
TIdHTTPServer implements native support for only BASIC authentication. For other authentications, you need to use the TIdHTTPServer.OnParseAuthentication event to handle them manually, eg:
Code:
procedure TMyForm.IdHTTPServer1ParseAuthentication(AContext: TIdContext;
const AAuthType, AAuthData: String; var VUsername, VPassword: String;
var VHandled: Boolean);
begin
if TextIsSame(AAuthType, 'Bearer') then begin
VUsername := '';
VPassword := AAuthData;
VHandled := True;
end;
end;And then your TIdHTTPServer.OnCommand... event handlers can use the token stored in ARequestInfo.AuthPassword as needed (if ARequestInfo.AuthExists = True).
Currently, there is no way for TIdHTTPRequestInfo to specify which auth type the client requested. If you need that info outside of your OnParseAuthentication event handler, it will need to store that info manually in the provided TIdContext. There are two ways to handle that:
- using the TIdContext.Data property, eg:
Code:
type
TMyContextData = class
public
AuthType: string;
...
end;
procedure TMyForm.IdHTTPServer1ParseAuthentication(AContext: TIdContext;
const AAuthType, AAuthData: String; var VUsername, VPassword: String;
var VHandled: Boolean);
begin
if AContext.Data = nil then begin
AContext.Data := TMyContextData.Create;
end;
TMyContextData(AContext.Data).AuthType := AAuthType;
if TextIsSame(AAuthType, 'Bearer') then begin
VUsername := '';
VPassword := AAuthData;
VHandled := True;
end;
end;
procedure TMyForm.IdHTTPServer1CommandGet(AContext: TIdContext;
ARequestInfo: TIdHTTPRequestInfo; AResponseInfo: TIdHTTPResponseInfo);
begin
...
if ARequestInfo.AuthExists and (AContext.Data <> nil) then begin
case PosInStrArray(TMyContextData(AContext.Data).AuthType, ['Bearer', 'Basic', ...], False) of
0: begin
// use ARequestInfo.AuthPassword as needed...
end;
1: begin
// use ARequestInfo.AuthUsername and ARequestInfo.AuthPassword as needed ...
end;
...
end;
end;
...
end;- deriving a new class from TIdServerContext, adding custom fields/properties to it, and then assigning its type to the TIdHTTPServer.ContextClass property, eg:
Code:
type
TMyContext = class(TIdServerContext)
public
AuthType: string;
...
end;
procedure TMyForm.FormCreate(Sender: TObject);
begin
// must be set before the server is activated...
IdHTTPServer1.ContextClass := TMyContext;
end;
procedure TMyForm.IdHTTPServer1ParseAuthentication(AContext: TIdContext;
const AAuthType, AAuthData: String; var VUsername, VPassword: String;
var VHandled: Boolean);
begin
TMyContext(AContext).AuthType := AAuthType;
if TextIsSame(AAuthType, 'Bearer') then begin
VUsername := '';
VPassword := AAuthData;
VHandled := True;
end;
end;
procedure TMyForm.IdHTTPServer1CommandGet(AContext: TIdContext;
ARequestInfo: TIdHTTPRequestInfo; AResponseInfo: TIdHTTPResponseInfo);
begin
...
if ARequestInfo.AuthExists then begin
case PosInStrArray(TMyContext(AContext).AuthType, ['Bearer', 'Basic', ...], False) of
0: begin
// use ARequestInfo.AuthPassword as needed...
end;
1: begin
// use ARequestInfo.AuthUsername and ARequestInfo.AuthPassword as needed ...
end;
...
end;
end;
...
end;RE: IW cant Handle Authentication Header - yonghu058 - 06-18-2021
I want Use Intraweb . How Can I Use Intraweb to do like above
I want Let Intraweb(standalone Indy) to accept it.How Can i Do?
RE: IW cant Handle Authentication Header - rlebeau - 06-18-2021
(06-18-2021, 05:22 PM)yonghu058 Wrote: I want Use Intraweb . How Can I Use Intraweb to do like above
I want Let Intraweb(standalone Indy) to accept it.How Can i Do?
That, I can't answer, sorry. I am not familiar with IntraWeb's architecture, or have access to its source code.
RE: IW cant Handle Authentication Header - yonghu058 - 06-19-2021
(06-18-2021, 11:01 PM)rlebeau Wrote:(06-18-2021, 05:22 PM)yonghu058 Wrote: I want Use Intraweb . How Can I Use Intraweb to do like above
I want Let Intraweb(standalone Indy) to accept it.How Can i Do?
That, I can't answer, sorry. I am not familiar with IntraWeb's architecture, or have access to its source code.
Thank You Anyway
RE: IW cant Handle Authentication Header - yonghu058 - 07-06-2021
No body know?
RE: IW cant Handle Authentication Header - Alexandre Machado - 07-09-2021
I'll need some time to investigate this. Maybe we can expose the OnParseAuthentication event, but I'm not sure yet.