Login ProductsSalesSupportDownloadsAbout |
Home » Technical Support » Elevate Web Builder Technical Support » Support Forums » Elevate Web Builder General » View Thread |
Messages 1 to 5 of 5 total |
TServerRequest and TDatabase Username / Password |
Sun, Oct 6 2013 1:11 PM | Permanent Link |
Eivind | Hi
I'm in the process of building a Delphi HTTP Server using Indy HTTP Server component. So far it's going good and I can serve the files and JSON data. I'm now at a stage of building Authentication, hence this question. My plan was in EWB to use a TServerRequest and issue a request with username and password and return a session id that I will pass in the header of all subsequent requests when requesting JSON data. TDatabase and TServerRequest has a Usernane and Password property, but I cannot get those values on the Indy server. Are they for some other purpose than sending auth request to the server? I have also been thinking of creating my own Basic Authenticate header, but I cannot find a function for base64 encode the usernamessword string. Does this exists in EWB? Thanks for any heads up's on this Eivind |
Sun, Oct 6 2013 9:02 PM | Permanent Link |
Raul Team Elevate | On 10/6/2013 1:11 PM, Eivind wrote:
>TDatabase and TServerRequest has a Usernane and Password property, but I cannot get those values on the Indy server. You're not giving enough info on what you have done on Indy side for us to help. So here goes general answer: with Indy10 you'd have to do something like this if you want Indy to handle it . (wrote it from memory so might not be exact) In CommandGet/CommandOther : .... if ARequestInfo.AuthExists=false then begin AResponseInfo.AuthRealm := 'Give me auth'; AResponseInfo.ResponseNo := 401; exit end //otherwise check session and/or username/password and issue session if needed, etc .... OR Alternative is to just add your username/password manually into either URL params ( i.e. MyServerERquest.Add('user='+<user>) and similar for pass) or headers (MyServerERquest.RequestHeaders.Add('user'+<user>)) and parse yourself on Indy side. > I have also been thinking of creating my own Basic Authenticate header, but I cannot find a function for base64 encode the usernamessword string. Does this exists in EWB? If you do need to do it manually then base64 is trivial to write but i would not bother. Since you want to do own session management anyways just include it with params or headers and manage yourself. EWB official (as far i as know) suggestion is to just populate the username/password of TServerRequest every time and send it along. Obviously everything above should run over SSL Raul |
Mon, Oct 7 2013 4:53 AM | Permanent Link |
Matthew Jones | I'll just mention that you need to be careful with this, as you are of course
passing plain text passwords over the internet. This is not good in this day and age. Indy has SSL integration, and I'd recommend you use that. Me, I used the RemObject server which uses Indy and does all the hard work for me. /Matthew Jones/ |
Mon, Oct 7 2013 6:54 AM | Permanent Link |
Eivind | (Matthew Jones) wrote:
I'll just mention that you need to be careful with this, as you are of course passing plain text passwords over the internet. This is not good in this day and age. Indy has SSL integration, and I'd recommend you use that. Me, I used the RemObject server which uses Indy and does all the hard work for me. /Matthew Jones/ SSL will be implemented for sure once it's on the production server. At the moment I just purchased EWB and Delphi XE5 pro so my budget are a bit depleted for the moment when it comes to RemObj. I got it all working pretty well with Indy so the next step will be to add SSL. Thanks for the heads up though |
Tue, Oct 8 2013 3:39 PM | Permanent Link |
Tim Young [Elevate Software] Elevate Software, Inc. timyoung@elevatesoft.com | Eivind,
<< I'm in the process of building a Delphi HTTP Server using Indy HTTP Server component. So far it's going good and I can serve the files and JSON data. I'm now at a stage of building Authentication, hence this question. My plan was in EWB to use a TServerRequest and issue a request with username and password and return a session id that I will pass in the header of all subsequent requests when requesting JSON data. TDatabase and TServerRequest has a Usernane and Password property, but I cannot get those values on the Indy server. Are they for some other purpose than sending auth request to the server? >> There are two separate items here: 1) The TDatabase UserName/Password properties modify these headers sent over with JSON requests from the datasets/database: X-EWBUser X-EWBPassword These headers have special meaning beyond the HTTP authentication and are used for providing dynamic authorization to the underlying datasets/database. 2) The TServerRequest UserName/Password properties are are actual basic HTTP authentication. << I have also been thinking of creating my own Basic Authenticate header, but I cannot find a function for base64 encode the usernamessword string. Does this exists in EWB? >> You won't need to as long as you assign the TServerRequest UserName/Password properties. The browser will automatically perform the base64-encoding and authentication. However, AJAX (TServerRequest) can *only* do basic authentication at this time. Tim Young Elevate Software www.elevatesoft.com |
This web page was last updated on Thursday, October 10, 2024 at 02:11 PM | Privacy PolicySite Map © 2024 Elevate Software, Inc. All Rights Reserved Questions or comments ? E-mail us at info@elevatesoft.com |