Icon View Thread

The following is the text of the current message along with any replies.
Messages 1 to 6 of 6 total
Thread AuthenticateUser always return false
Wed, Mar 23 2016 6:36 PMPermanent Link

KimHJ

Comca Systems, Inc

I'm unable to get past the AuthenticateUser in the EWBModuleExecute(Request: TEWBServerRequest).

I used the URL user=kim&password=mik because that is the only one where I get anything in the AppDatabaseAdapterAuthenticateUser. If I use HTTP basic Authentication the RequestUserName and RequestPassword are blank.



procedure TEWBModule1.AppDatabaseAdapterAuthenticateUser(
 const RequestUserName, RequestPassword: string;
 var Authenticated: Boolean);
begin
    if RequestUserName = 'kim' then
       begin
            if RequestPassword = 'mik' then
               Authenticated := True              // it get to here
            else
                Authenticated := False;
       end
    else
        Authenticated := False;
end;

But here it is false:
procedure TEWBModule1.EWBModuleExecute(Request: TEWBServerRequest);
begin
       AppDatabaseAdapter.HandleRequest(Request,'customdatasets');
       if AuthenticateUser(Request) then   
  
Always False even AppDatabaseAdapterAuthenticateUser returned True.

Thanks for any help.
Mon, Mar 28 2016 1:28 PMPermanent Link

Tim Young [Elevate Software]

Elevate Software, Inc.

Avatar

Email timyoung@elevatesoft.com

Kim,

<< I'm unable to get past the AuthenticateUser in the EWBModuleExecute(Request: TEWBServerRequest).

I used the URL user=kim&password=mik because that is the only one where I get anything in the AppDatabaseAdapterAuthenticateUser. If I use HTTP basic Authentication the RequestUserName and RequestPassword are blank. >>

You can't use HTTP basic authentication with EWB.  It doesn't work that way, and HTTP basic authentication is as good as plain-text credentials as far as security is concerned.  EWB relies on you using HTTPS (SSL/TLS) when sending credentials for authentication purposes.

<< But here it is false:
procedure TEWBModule1.EWBModuleExecute(Request: TEWBServerRequest);
begin
       AppDatabaseAdapter.HandleRequest(Request,'customdatasets');
       if AuthenticateUser(Request) then
  
Always False even AppDatabaseAdapterAuthenticateUser returned True. >>

The problem is your event handler is for the TEWBDatabaseAdapter, but you're calling the AuthenticateUser method of the *module*.  The two are separate methods/event handlers - one for the database/dataset adapter handling and one for the module.

Tim Young
Elevate Software
www.elevatesoft.com
Tue, Mar 29 2016 6:58 PMPermanent Link

KimHJ

Comca Systems, Inc

Tim,

<<
You can't use HTTP basic authentication with EWB.  It doesn't work that way, and HTTP basic authentication is as good as plain-text credentials as far as security is concerned.  EWB relies on you using HTTPS (SSL/TLS) when sending credentials for authentication purposes.>>

So I can't test it on my local server?

Kim
Thu, Mar 31 2016 2:53 PMPermanent Link

Tim Young [Elevate Software]

Elevate Software, Inc.

Avatar

Email timyoung@elevatesoft.com

Kim,

<< So I can't test it on my local server? >>

No, you can test it on your local server.  What are you using for the front-end that is calling your module ?  EWB ?

Tim Young
Elevate Software
www.elevatesoft.com
Thu, Mar 31 2016 5:55 PMPermanent Link

KimHJ

Comca Systems, Inc

Tim,

<< No, you can test it on your local server.  What are you using for the front-end that is calling your module ?  EWB ?>>

I got it to work on the local server. I haven't found out how to enter the login name and password in a HTTP Get except adding it to the URL.

Right now I'm using Postman but when finish two application will access the data EWB as the online user application for my customer and the iPhone and Android app for my customer's customers.

I haven't tried yet because I haven't made app yet, but is't possible to test the phone apps using the local wireless network and the IP address of the local computer where the local webserver is running. I would have to open the port in the firewall.

Thanks,
Kim
Fri, Apr 1 2016 11:58 AMPermanent Link

Tim Young [Elevate Software]

Elevate Software, Inc.

Avatar

Email timyoung@elevatesoft.com

Kim,

<< I got it to work on the local server. I haven't found out how to enter the login name and password in a HTTP Get except adding it to the URL. >>

If you're using a straight-up TServerRequest, then you should add these two headers:

X-EWBUser
X-EWBPassword

You can set them like this:

 MyServerRequest.RequestHeaders.Values['X-EWBUser']:=FUserName;
 MyServerRequest.RequestHeaders.Values['X-EWBPassword']:=FPassword;

<< I haven't tried yet because I haven't made app yet, but is't possible to test the phone apps using the local wireless network and the IP address of the local computer where the local webserver is running. I would have to open the port in the firewall. >>

Yes, absolutely.  You can even debug the remotely-running JS application in Chrome (on Android) from your computer.

Tim Young
Elevate Software
www.elevatesoft.com
Image