
TIdHTTPServer authentication


2006-05-08 08:50:07 PM
delphi98
Hi,
We're using TIdHTTPServer (Indy 10) to make a web interface for our
(database) application. We need some sort of authentication
(usernames+passes are stored in our database).
A way of authentication that comes to my mind is to generate a UID, mark it
as authenticated in our database, and write it in a cookie. But I am sure
there are plenty of other, better ways that also work when a client doesn't
accept cookies. Does anyone have more information about this? What is an
easy and straightforward way of authentication for TIdHTTPServer (Indy 10)?
Thanks in advance,
M.
 
 

Re:TIdHTTPServer authentication

"Mathijs" <XXXX@XXXXX.COM> writes
Quote
We're using TIdHTTPServer (Indy 10) to make a web interface for our
(database) application. We need some sort of authentication
(usernames+passes are stored in our database).
In the OnCommandGet event, when you receive a request from the client that
needs authenticating, you can set the TIdHTTPResponseInfo.AuthRealm property
to a non-empty string. That forces the server to send a 401 response
telling the client that authentication credentials are needed in a new request.
TIdHTTPRequestInfo has AuthUsername and AuthPassword properties. Those will
contain the username/password values if the client sends them. You can use
those to check your database fields as needed. For example:
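    procedure TForm1.IdHTTPServer1CommandGet(AContext: TIdContext;
      ARequestInfo: TIdHTTPRequestInfo; AResponseInfo: TIdHTTPResponseInfo);
    begin
      // IsRestrictedResource and CredentialsAreValid are placeholders for the
      // application's own checks (e.g. a lookup in its user database)
      if IsRestrictedResource(ARequestInfo.Document) then
      begin
        if not CredentialsAreValid(ARequestInfo.AuthUsername,
          ARequestInfo.AuthPassword) then
        begin
          // a non-empty AuthRealm makes the server send a 401 response
          AResponseInfo.AuthRealm := 'myserver';
          Exit;
        end;
      end;
      // send the requested data as needed ...
    end;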
Gambit
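
The request/response exchange behind those properties, as an added example that is not part of the original thread and not Indy code. It assumes the scheme is HTTP Basic authentication and that the database holds salted PBKDF2 hashes; the `/admin` path, the user table and all function names are constructed for illustration.

```python
import base64, binascii, hashlib, hmac

REALM = "myserver"  # realm string used in the handler above

def hash_password(password, salt):
    # PBKDF2 so the table holds salted hashes, not passwords (assumption)
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)

# Constructed sample user table standing in for the application's database.
_SALT = bytes.fromhex("00112233445566778899aabbccddeeff")
USERS = {"mathijs": (_SALT, hash_password("s3cret-example", _SALT))}
_UNKNOWN = (b"\0" * 16, b"\0" * 32)  # dummy record so unknown users cost the same

def basic_header(user, password):
    """Client side: the Authorization value a browser sends after the 401."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode("utf-8")).decode("ascii")

def parse_basic(header):
    """Server side: return (username, password) or None if absent/malformed."""
    if not header:
        return None
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    user, sep, password = decoded.partition(":")  # only the first ':' separates
    return (user, password) if sep else None

def check_credentials(user, password):
    salt, stored = USERS.get(user, _UNKNOWN)
    matches = hmac.compare_digest(hash_password(password, salt), stored)
    return matches and user in USERS

def handle(path, authorization=None):
    """Return (status, headers, body) for one request."""
    if path.startswith("/admin"):  # hypothetical restricted area
        creds = parse_basic(authorization)
        if creds is None or not check_credentials(*creds):
            # Equivalent of setting AuthRealm: 401 plus a challenge header
            return 401, {"WWW-Authenticate": f'Basic realm="{REALM}"'}, "Unauthorized"
    return 200, {}, f"content of {path}"
```

Basic credentials are only base64-encoded on the wire, so the server needs to be reached over TLS for the password to stay confidential.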
 

Re:TIdHTTPServer authentication

08 May 2006, (Remy Lebeau (TeamB)):
Quote
In the OnCommandGet event, when you receive a request from the client
that needs authenticating, you can set the
TIdHTTPResponseInfo.AuthRealm property to a non-empty string. That
forces the server to send a 401 response telling the client that
authentication credentials are needed in a new request.
TIdHTTPRequestInfo has AuthUsername and AuthPassword properties.
Those will contain the username/password values if the client sends
them. You can use those to check your database fields as needed.
Thanks a lot! That was what I was looking for :)
M.