Icon View Thread

The following is the text of the current message along with any replies.
Messages 11 to 13 of 13 total
Thread Web Server Module
Wed, Oct 21 2015 4:10 PMPermanent Link

Raul

Team Elevate Team Elevate

On 10/21/2015 11:26 AM, Pasquale wrote:
> excuse me raul
> i have this code
> how do I use "Authenticating Requests" ?
> write me example please .

Here is a really simple example.

1. You need to setup your datasets to require authentication.

In my case i used EDB as database and created a dataset called SysInfo
but other databases are OK as well


Accessing this from browser normally
(http://localhost/datasets?method=rows&dataset=SysInfo) i get this error
message

"ElevateDB Error #501 Login failed (Login aborted)"


when i include username/password
(http://localhost/datasets?method=rows&dataset=SysInfo&user=test&password=test)
i get this (which is correct data) :

{   "rows": [
{ "AppVer": "1.0", "ReleaseDate": 1445385600000, "LoginAllowed": true }
] }


Anyways - you'd need to make sure all your datasets are setup this way -
all require authentication to return data.

2. the EWB code itself is almost all like yours :

procedure TfrmLogin.Button1Click(Sender: TObject);
begin
  IF (Edit1.Text <>'') And (PasswordEdit1.Text <>'') Then
  begin
   DataBase.Username := Edit1.Text;
   DataBase.Password := PasswordEdit1.Text;
   DataBase.LoadRows(DataSet1);
  end;
end;

procedure TfrmLogin.DataSet1LoadError(Sender: TObject; const ErrorMsg:
String);
begin
   if Pos('Login failed',ErrorMsg) then
      ShowMessage('Error! Username/password incorrect ')
   else
      ShowMessage('Error! ' + ErrorMsg);
   //also clear the failed login request from queue
   if DataBase.NumPendingRequests>0 then DataBase.CancelPendingRequests;
end;

procedure TfrmLogin.DataSet1AfterLoad(Sender: TObject);
begin
   if DataSet1.RowCount > 0 then
   begin
      ShowMessage(' Login OK . AppVersion = ' +
DataSet1.Columns['AppVer'].AsString);
      //username and password are OK  .....
   end;
end;


Note that TDatabase caches your login after this so all future LoadRows
should "just work".

OnLoadError is very simple - in real world you might want something
better there (deal with errors actually etc).


i also like using the DataBase.AuthenticationMethod := amParameters;
before loadrows - it makes it easier in browser debug tools but of
course could leak your login info in web server logs etc



> However beyond authentication to write the web server module need to force Delphi ?

Yes if you use EWB Web Server - which is a very nice option and "built
in" but is not required for EWB.

You could just use PHP/ASP/etc on the web server (you would need to
re-implement the dataset JSON handling yourself though but that is
relatively easy).



Raul
Thu, Oct 22 2015 3:47 AMPermanent Link

Pasquale

Web Pos srl

Sorry Raul not clear to me one thing .

But when you talk about username and password you mean those that are used to access the database ?

Or those associated with a user who needs to use your application ?
Thu, Oct 22 2015 8:50 AMPermanent Link

Raul

Team Elevate Team Elevate

On 10/22/2015 3:47 AM, Pasquale wrote:
> Sorry Raul not clear to me one thing .
> But when you talk about username and password you mean those that are used to access the database ?
> Or those associated with a user who needs to use your application ?

They are the same thing in this case - for dataset authentication you
must use database usernames/passwords.

DB users/password are the only ones EWB Web Server can use to provide
authentication at this time without the use of sever modules.

Most databases allow you to provide fairly fine-grained control over
actual database access.

Raul


« Previous PagePage 2 of 2
Jump to Page:  1 2
Image