IdHTTP OnAuthorization how to?

Hi, just a really simple question.

How does OnAuthorization work? Isn't it supposed to repeat the request 
with the credentials I supply?

Here is what I do:

procedure TForm1.HTTPClientAuthorization(Sender: TObject;
   Authentication: TIdAuthentication; var Handled: Boolean);
begin
   if LoginForm.ShowModal = mrOk then
   begin
     Authentication.Username := LoginForm.BrugernavnEdit.Text;
     Authentication.Password := LoginForm.AdgangskodeEdit.Text;
//    Handled := True; { If this is commented out I get a 401 exception, 
if not I just get no result at all. }
   end;
end;

What do I need to do?

Anders
1
Anders
5/2/2012 12:44:42 PM
embarcadero.delphi.winsock 1874 articles. 2 followers. Follow

13 Replies
5589 Views

Similar Articles

[PageSpeed] 55

Anders wrote:

> How does OnAuthorization work?

It is triggered when the *server* asks for credentials after TIdHTTP has 
sent a request and the server replied with a 401 response code.

> Isn't it supposed to repeat the request with the credentials I supply?

Yes.  If the event keeps triggering, then the server is not accepting the 
credentials you are providing, or the credentials are being sent using an 
authentication scheme that the server does not support (which should only 
happen if you are manually assigning a TIdAuthentication object to the TIdHTTP.Request.Authentication 
property beforehand).  The TIdHTTP.OnSelectAuthentication event lets you 
see which scheme(s) the server supports (the AuthInfo parameter) and which 
scheme TIdHTTP is choosing to use (the AuthenticationClass parameter) before 
the TIdHTTP.OnAuthentication event is triggered and the request is repeated 
with the new credentials.  What values are actually being reported in that 
event?

--
Remy Lebeau (TeamB)
0
Remy
5/2/2012 5:07:07 PM
Den 02-05-2012 19:07, Remy Lebeau (TeamB) skrev:
> Anders wrote:
>
>> How does OnAuthorization work?
>
> It is triggered when the *server* asks for credentials after TIdHTTP has
> sent a request and the server replied with a 401 response code.
>
>> Isn't it supposed to repeat the request with the credentials I supply?
>
> Yes.  If the event keeps triggering, then the server is not accepting the
> credentials you are providing, or the credentials are being sent using an
> authentication scheme that the server does not support (which should only
> happen if you are manually assigning a TIdAuthentication object to the TIdHTTP.Request.Authentication
> property beforehand).  The TIdHTTP.OnSelectAuthentication event lets you
> see which scheme(s) the server supports (the AuthInfo parameter) and which
> scheme TIdHTTP is choosing to use (the AuthenticationClass parameter) before
> the TIdHTTP.OnAuthentication event is triggered and the request is repeated
> with the new credentials.  What values are actually being reported in that
> event?

Well I am not quite sure what you are asking, to be honest, but the 
server that I am contacting is a REST server I build with TIdHTTPserver.

The commandget event looks something like this:

procedure TRootNode.CommandGet(AContext: TIdContext;
   ARequestInfo: TIdHTTPRequestInfo; AResponseInfo: TIdHTTPResponseInfo);
var
   LoginOK: Boolean;
   Authorization: string;
begin
   OutputLogString('??? Client request: ' + ARequestInfo.URI);
   LoginOK := False;
   if ARequestInfo.AuthExists then
   begin
     Authorization := ARequestInfo.RawHeaders.Values['Authorization'];
     OutputLogString('    Authorization: ' + Authorization);
     if StartsStr('Basic ', Authorization) then
     begin
       Authorization := Copy(Authorization, 7, Length(Authorization));
       if LoginNode.LoginOK(Authorization) then
       begin
         LoginOK := True;
         { Code that handles the request goes here.. }
       end;
     end;
   end;
   if not LoginOK then
   begin
     OutputLogString('    No Authorization provided.');
     AResponseInfo.ResponseNo := 401;
     AResponseInfo.CustomHeaders.AddValue('WWW-Authenticate', 'Basic');
   end;
end;

I don't have any preference for handling authentication really, so if 
you think that this is completely off, then I am all ears. :)

Anders
0
Anders
5/3/2012 7:34:21 AM
Anders wrote:

> Well I am not quite sure what you are asking, to be honest

I was asking for the contents of the AuthInfo parameter, which is a TStrings 
descendant, and the ClassName() of the AuthenticationClass parameter, if 
not nil.  Given what you have described, AuthInfo should contain just 'Basic', 
and AuthenticationClass should be the TIdBasicAuthentication class type.

> the server that I am contacting is a REST server I build with
> TIdHTTPserver.

TIdHTTPServer only supports the BASIC authentication scheme natively.  In 
TIdHTTP, make sure the TIdHTTP.Request.BasicAuthentication property is set 
to True.

> The commandget event looks something like this:

TIdHTTPServer parses BASIC authentication internally and will not trigger 
the OnCommandGet event if it fails, so you can simplify that code to the 
following:

{code:delphi}
procedure TRootNode.CommandGet(AContext: TIdContext; ARequestInfo: TIdHTTPRequestInfo; 
AResponseInfo: TIdHTTPResponseInfo);
begin
  OutputLogString('??? Client request: ' + ARequestInfo.URI);
  if ARequestInfo.AuthExists and LoginNode.LoginOK(ARequestInfo.AuthUsername, 
ARequestInfo.AuthPassword) then
  begin
    { Code that handles the request goes here.. }
  end else
  begin
    OutputLogString('    No Authorization provided.');
    AResponseInfo.ResponseNo := 401;
    AResponseInfo.AuthRealm := 'MyRealm'; // will generate the WWW-Authenticate 
header for you
  end;
end;
{code}

--
Remy Lebeau (TeamB)
0
Remy
5/3/2012 4:26:42 PM
Den 03-05-2012 18:26, Remy Lebeau (TeamB) skrev:
> Anders wrote:
>
>> Well I am not quite sure what you are asking, to be honest
>
> I was asking for the contents of the AuthInfo parameter, which is a TStrings
> descendant, and the ClassName() of the AuthenticationClass parameter, if
> not nil.  Given what you have described, AuthInfo should contain just 'Basic',
> and AuthenticationClass should be the TIdBasicAuthentication class type.

I made some of the changes you suggested.

I set the realm in the CommandGet event on the server instead of adding 
the header myself.

I set TIdHTTP.Request.BasicAuthentication := True;

I now have the following two events hooked up in client.

{code:delphi}
procedure TMainForm.HTTPClientSelectAuthorization(Sender: TObject;
   var AuthenticationClass: TIdAuthenticationClass; AuthInfo: 
TIdHeaderList);
begin
   if Assigned(AuthenticationClass) then 
Memo.Lines.Add(AuthenticationClass.ClassName);
   Memo.Lines.AddStrings(AuthInfo);
end;

procedure TMainForm.HTTPClientAuthorization(Sender: TObject;
   Authentication: TIdAuthentication; var Handled: Boolean);
begin
   Memo.Lines.AddStrings(Authentication.Params);
   Memo.Lines.Add(Authentication.ClassName);
   Memo.Lines.AddStrings(Authentication.AuthParams);
   Authentication.Username := MyUsernameC;
   Authentication.Password := MyPasswordC;
end;
{code}

This outputs the following in the memo:

Authorization: Basic Og==
realm: "MyRealm"
TIdBasicAuthentication
Basic realm="MyRealm"

On the server it logs the following:

15:43:16 ??? Client request: /
15:43:16     Authorization: Basic Og==
15:43:16     No Authorization provided.

No additional requests are made.

Compare with connecting via firefox:

15:45:20 ??? Client request: /
15:45:20     No Authorization provided.
15:45:31 ??? Client request: /
15:45:31     Authorization: Basic MYAUTHSTRING
15:45:31 ??? Client request: /favicon.ico
15:45:31     Authorization: Basic MYAUTHSTRING
15:45:31 ??? Client request: /favicon.ico
15:45:31     Authorization: Basic MYAUTHSTRING

  - Anders E. Andersen
0
Anders
5/7/2012 1:49:03 PM
Anders wrote:

> procedure TMainForm.HTTPClientAuthorization(Sender: TObject; Authentication: 
TIdAuthentication; var Handled: Boolean);
> begin
> Memo.Lines.AddStrings(Authentication.Params);
> Memo.Lines.Add(Authentication.ClassName);
> Memo.Lines.AddStrings(Authentication.AuthParams);
> Authentication.Username := MyUsernameC;
> Authentication.Password := MyPasswordC;
> end;

You need to set the Handled parameter to True, or else TIdHTTP will not send 
a new request to the server with the newly assigned credentials.

> On the server it logs the following:
<snip>
> 15:43:16     Authorization: Basic Og==

"Og==" is the base64 encoding of the ":" character by itself.  In "Basic", 
that character separates the username and password, which means that TIdHTTP 
is apparently sending blank username and password values in your situation, 
which should be impossible because TIdBasicAuthentication.DoNext() does not 
allow TIdHTTP to send blank usernames.  With the current Indy 10 snapshot, 
I am not able to reproduce that condition.  If I try to set a blank usernames, 
TIdHTTP gets stuck in an OnAuthentication loop ad no requests are sent to 
the server until I provide a non-blank username.  When I do that, TIdHTTPServer 
is currently filling in the ARequestInfo.AuthExists, ARequestInfo.AuthUsername, 
and ARequestInfo.AuthPassword properties as expected.

--
Remy Lebeau (TeamB)
0
Remy
5/7/2012 7:14:19 PM
Den 07-05-2012 21:14, Remy Lebeau (TeamB) skrev:

> You need to set the Handled parameter to True, or else TIdHTTP will not send
> a new request to the server with the newly assigned credentials.

I will try this next.


>> On the server it logs the following:
> <snip>
>> 15:43:16     Authorization: Basic Og==
>
> "Og==" is the base64 encoding of the ":" character by itself.  In "Basic",
> that character separates the username and password, which means that TIdHTTP
> is apparently sending blank username and password values in your situation,
> which should be impossible because TIdBasicAuthentication.DoNext() does not
> allow TIdHTTP to send blank usernames.  With the current Indy 10 snapshot,
> I am not able to reproduce that condition.  If I try to set a blank usernames,
> TIdHTTP gets stuck in an OnAuthentication loop ad no requests are sent to
> the server until I provide a non-blank username.  When I do that, TIdHTTPServer
> is currently filling in the ARequestInfo.AuthExists, ARequestInfo.AuthUsername,
> and ARequestInfo.AuthPassword properties as expected.

I am using Delphi 2009 with indy compiled from SVN, but the snapshot is 
a few months old right now. Maybe half a year or more.

My coworkers don't like to update the snapshot too often. They are 
worried about their stuff breaking.

Anders
0
Anders
5/7/2012 9:17:33 PM
Den 07-05-2012 23:17, Anders Andersen skrev:

> I am using Delphi 2009 with indy compiled from SVN, but the snapshot is
> a few months old right now. Maybe half a year or more.
>

I am using revision 4690.

I think for now, I will try working around this. Since the server is 
always going to want authentication, there is actually no point in 
waiting for the server to ask for it. I might as well just provide it.

Anders
0
Anders
5/8/2012 8:00:28 AM
Den 07-05-2012 21:14, Remy Lebeau (TeamB) skrev:
>
> You need to set the Handled parameter to True, or else TIdHTTP will not send
> a new request to the server with the newly assigned credentials.
>

If you have time, could you please have a look at this simple test 
project and tell me what I am doing wrong:

http://dl.dropbox.com/u/20098726/HTTP.zip

I have updated my Indy to latest SVN and on my end it does not repeat 
the request with my code.

Anders
0
Anders
5/9/2012 11:04:20 AM
Anders wrote:

> If you have time, could you please have a look at this simple
> test project and tell me what I am doing wrong:

In the TIdHTTPServer.OnCommandGet event, you need to use the AuthUserName 
and AuthPassword properties of TIdHTTPRequestInfo instead of the UserName 
and Password properties.  The UserName and Password properties are used client-side 
by TIdHTTP internally, they are not meant to be be server-side.

--
Remy Lebeau (TeamB)
0
Remy
5/9/2012 4:57:07 PM
Den 09-05-2012 18:57, Remy Lebeau (TeamB) skrev:
> Anders wrote:
>
>> If you have time, could you please have a look at this simple
>> test project and tell me what I am doing wrong:
>
> In the TIdHTTPServer.OnCommandGet event, you need to use the AuthUserName
> and AuthPassword properties of TIdHTTPRequestInfo instead of the UserName
> and Password properties.  The UserName and Password properties are used client-side
> by TIdHTTP internally, they are not meant to be be server-side.

Changed, but doesn't do anything. I can repeat the request manually and 
then it will work, but it doesn't autorepeat.

I do understand it correctly that it is designed to autorepeat the 
request after I supply the the username and password in the 
OnAuthorization event? Or am I meant to do this manually?

This is what I do to test:

I start the app.

I type in the username and password and click the button.

I get this text in the client memo:

Request - http://localhost:8090/
<HTML><BODY><B>401 Unauthorized</B></BODY></HTML>

I get this text in the server event:

CommandGet Event.

I then click the button again and I get authorized.

It doesn't autorepeat the request.

Anders
0
Anders
5/9/2012 6:36:13 PM
Hello Anders,

> Changed, but doesn't do anything. I can repeat the request manually
> and then it will work, but it doesn't autorepeat.

Works fine for me when I try it.

> I do understand it correctly that it is designed to autorepeat the
> request after I supply the the username and password in the
> OnAuthorization event?

TIdHTTP repeats the request if the TIdHTTP.HTTPOptions property contains 
the hoInProcessAuth flag, the TIdHTTP.OnAuthorization event returns Handled=True, 
and the number of repeated requests has not exceeded the value of the TIdHTTP.MaxAuthRetries 
property.

--
Remy Lebeau (TeamB)
0
Remy
5/9/2012 6:50:02 PM
Den 09-05-2012 20:50, Remy Lebeau (TeamB) skrev:

>
> TIdHTTP repeats the request if the TIdHTTP.HTTPOptions property contains
> the hoInProcessAuth flag,

Wowowow hang on there. That is the first I hear of this!

Is this flag set automatically on your end, because it is cleared on my 
end?!

This makes all the difference!

Anders
0
Anders
5/9/2012 7:10:35 PM
Anders wrote:

> Is this flag set automatically on your end, because it is cleared
> on my end?!

hoInProcessAuth is not enabled by default, no.

--
Remy Lebeau (TeamB)
0
Remy
5/9/2012 9:32:21 PM
Reply:

Similar Artilces:

Delphi and Delphi for .Net
It seems that Delphi for .Net is slower than Delphi Win32 native applicaiton. I would like to know is it true all .Net application is slower than Win32 native applicaiton or it is Delphi for .Net only. Your information is great appreciated, Inung On 2011-06-21 18:20:17 +0100, Inung Huang said: > It seems that Delphi for .Net is slower than Delphi Win32 native applicaiton. > I would like to know is it true all .Net application is slower than > Win32 native applicaiton or it is Delphi for .Net only. If you are only running the code in the application once then, yes, yo...

Delphi 2009, IdHTTP and UTF8
Hello I'm having a problem after migrating to Delphi 2009 Win32. I need to to a login on a web site and parse the returned data, but the problem is that I can't decode UTF8 characters. In delphi 2007 I used WideStrings and UTF8Decode, although this approach is not working anymore with delphi 2009. I replaced WIdeStrings with strings and UTF8Decode to UTF8ToString method, but still can't read the utf8 string. anyone can help? :( here's the code. var Params: TStringList; s: string; begin Params.Add('login=' + UserName); Params.Add('p...

Delphi 2010 Idhttp and Cookiemanager?
Hello, is the tidhttp.cookiemanager from indy 10.5.7.0 for delphi 2010 broken? I have recently switched to Delphi 2010 from Delphi 2007 and now, it can't seem to note any cookies. even if allowcookies is set to true. a superficial search in the forums didn't bring me any further i hope that you folks have a fix for that. Thanks alot in advance. On 26.8.2010 9:31, Siyuan Fan wrote: > Hello, > > is the tidhttp.cookiemanager from indy 10.5.7.0 for delphi 2010 broken? > I have recently switched to Delphi 2010 from Delphi 2007 and now, it can't seem to note...

delphi.internet.winsock
I was having some issues with XanaNews so I went to the Emb web version and was getting... delphi.internet.winsock - group not available. The server is throwing HTTP Status 500. Anyone else having trouble with newsgroups. Many other groups seem ok. -- Ray El 02/02/2014 8:05, Raymond Alexander escribió: > I was having some issues with XanaNews so I went to the Emb web version > and was getting... > > delphi.internet.winsock - group not available. > > The server is throwing HTTP Status 500. > > Anyone else having trouble with newsgroups. ...

delphi.internet.winsock: text and base64
This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. --JivePart=_18c8b.zeB8CwDOH5aMJzMl Content-Type: text/plain; charset="Utf-8" See message in delphi.internet.winsock group. --JivePart=_18c8b.zeB8CwDOH5aMJzMl Content-Type: image/jpeg; name="buffer1.JPG" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="buffer1.JPG" /9j/4AAQSkZJRgABAQEAYABgAAD/2wBDAAgGBgcGBQgHBwcJCQgKDBQNDAsLDBkSEw8UHRofHh0a HBwgJC4nICIsIxwcKDcpLDAxNDQ0Hyc5PTgyPC4zN...

Delphi 2010 / IdHTTP problem: Socket Error # 0
Use D2010 Indy 10 gmail login with OAuth. When i send Post(https://accounts.google.com/o/oauth2/token,ABody,Response) In Indy on Line 2174 error "Socket Error # 0" case FHTTPProto.ProcessResponse(AIgnoreReplies) of In Delphi XE2 indy work withiut errors. <Roman Dukuy> wrote in message news:418271@forums.embarcadero.com... > Use D2010 Indy 10 > gmail login with OAuth. When i send > Post(https://accounts.google.com/o/oauth2/token,ABody,Response) > > In Indy on Line 2174 error "Socket Error # 0" > case FHTTPProto.ProcessResp...

IDHTTP Get Unicode in Delphi XE2 SP3 What Am I missing ?
I have done a lot of searching and still can not find out what is going on ( or maybe I'm just to thick headed) Reference this http://embarcadero.newsgroups.archived.at/public.delphi.internet.winsock/201005/1005133814.html Using Result := IDHTTP.Get (getStr); Ok if the Header says Encoding is utf-8 but the XML result is missing the encoding I get trash Header ---Content-Type = application/xml; charset=utf-8 XML --- <?xml version="1.0" standalone="yes"?> Same header Header ---Content-Type = application/xml; charset=utf-8 XML --- &...

Delphi 2009
I've done some searching on the web, and i can't seem to find any answer to the problem i have. The client is made in c++ using winsock send & recieve. The server is done with Indy IdTCPServer component. When the winsock client connects, IdTCPServer get knowledge of it. However, when the winsock client sends a chararray with the function send(), nothing gets parsed in IdTCPServer.Execute. I know the client works, since i built a winsock testserver for the occation. However when using Acontext.Connection.IOHandler.ReadLn it does not. Is it known that Indy vs winsock base do...

SEPA components for Delphi with Source Code (Delphi 5
Hi all, in the european union change next year the Bankingformat to the SEPA Format. All peoples and companies must change the bankingssoftware and the costumer data form acountnummers in the new IBAN and BIC numbers. See: http://www.arma-it.de/shop/artikelueber.php?wgruppeid=211&wgruppe_offen=211 Functions: - generate SEPA XML'S - Calc IBAN - BIC Database (DE,AT and CH) Questions: vertrieb@arma-it.de PS: Bankinssoftware for Develpoers (Germany only) http://www.arma-it.de/shop/artikelueber.php?wgruppeid=212&wgruppe_offen=212 El 26/10/13 21:38, A...

Delphi for PHP or Delphi PRISM
Hi, I have the opportunity to develop a web-based library management system. Nothing fancy, just being able to do the usual CRUD stuff for books and provide a search facility. Borrowing is to be done via an email request to the library admin who then sends out the book(s). Since both Delphi for PHP and Delphi PRISM will enable me to develop the app, which one will allow me to deliver it in less time and also increase (even how small) my marketability as a web developer? Thanks. Phillip Flores Phillip Flores wrote: > Hi, > > I have the opportunity to develop a...

Delphi 2010 / IdHTTP problem: Socket Error # 0 [Edit]
I have code that uses IdHTTP to do a HTTP Post to an HTTPS URL. I set my IdHTTP1.IOHandler to the object returned from TIdSSLIOHandlerSocketOpenSSL.Create(). After calling IdHTTP1.Post(posturl, slPostData), with slPostData being a TStringList.Create(); I get this exception: *Project OUTLOOK.EXE raised exception class EIdSocketError with message 'Socket Error # 0'.* I know for sure that the problem is not in my code, because I exported an earlier version of my source code that I know works for sure, compiled it with Delphi 2010, and I got the same problem. The same code works if ...

Delphi and virus, or virus and Delphi.
Hi all. There is some discussion about a 'new' virus, that targets Delphi (and developers). The article is in danish: <http://www.version2.dk/artikel/11833-delphi-udviklere-jages-af-ny-type-malware> but refers to this article: <http://news.cnet.com/8301-27080_3-10312628-245.html> From the Danish article POV, it seems like Delphi itself is vunerable, which is not true. As far as i can see, is the attack vector, injection of (source) code in the 'Sysconst' unit. What's going on? -- Best regards Stig Johansen Perhaps checking other thre...

from delphi 6 to delphi 2010
Hi. It is possible, with component RX, dxforumlibrary, InfoPower3000Pro, StringAlignGrid. Accepts communication BDE. Thank by comments. excequiel arostica wrote: >Hi. > It is possible, with component RX, dxforumlibrary, >InfoPower3000Pro, StringAlignGrid. Accepts communication BDE. > >Thank by comments. Rx is dead and sources are taken over by jcl/jvcl. I dont know about the rest of the components and i have no experiences with bde over the last 9 years. excequiel arostica wrote: > Hi. > It is possible, with component RX, dxforumlibrary,...

Delphi 4 to Delphi 2009
Hello, Thanks to all who answered my previous question. That was a great help. And atlast our client agreed to upgrade our delphi version from 4 to Delphi 2009. *Sigh*. But before that, I need to give the estimation and cost regarding the migration to delphi 2009. Can anyone tell me is there any tool to migrate from delphi 4 to delphi 2009 or just I need to compile our Delphi 4 application in Delphi 2009. I have read from the delphi 2009 feature matrix that Delphi 1 through Delphi 2007 import is possible in delphi 2009. But i am not that sure considering the size of our application. ...

Web resources about - IdHTTP OnAuthorization how to? - embarcadero.delphi.winsock

ASP.NET MVC Authorization based on Route Params
... is right. @CD, rather than just repeating the minimal MSDN text verbatim, look at the MVC source code, particularly the comment in OnAuthorization ...


Rush Limbaugh's response to FAIR
Rush Limbaugh Responds to FAIR "Reign of Error: From aids to ozone, from Whitewater to the Bible,Limbaugh seems to be able to dissemble and ...

Resources last updated: 1/7/2016 4:01:02 PM