idHTTP.get with authentication

Hi,
I try to make an app (Delphi XE7, win64) that retrieves a webpage from a 
forum using a idHTTP component
The forum has some threads in public view and some for members only 
(username, password).
I have set idHTTP.request.username/password properly.
When I ask a public page, I can get it without problems
When I ask for a members only page, I receive the message "404 not found"

the status messages are :
Resolving hostname www.mysite.gr.
Connecting to 85.25.200.46.
Connected.
Chunk Started
Disconnected.

what can I do to resolve the problem, please ?

thanks in advance
0
Papas
7/22/2015 7:10:14 PM
embarcadero.delphi.winsock 1874 articles. 2 followers. Follow

6 Replies
783 Views

Similar Articles

[PageSpeed] 39

Papas wrote:

> I have set idHTTP.request.username/password properly.

Those properties only apply to HTTP authentication.  If the forum is using 
HTML webform authentication instead, you will have to use the TIdHTTP.Post() 
method to submit the user's credentials and other webform input values, just 
like a webbrowser would.

> Resolving hostname www.mysite.gr.

There is no forum located at http://www.mysite.gr.  Are you sure you are 
using the right URL?

-- 
Remy Lebeau (TeamB)
0
Remy
7/22/2015 7:54:03 PM
Papas wrote:

> I have set idHTTP.request.username/password properly.

Those properties only apply to HTTP authentication.  If the forum is using 
HTML webform authentication instead, you will have to use the TIdHTTP.Post() 
method to submit the user's credentials and other webform input values, just 
like a webbrowser would.

> Resolving hostname www.mysite.gr.

There is no forum located at http://www.mysite.gr.  Are you sure you are 
using the right URL?

-- 
Remy Lebeau (TeamB)
0
Remy
7/22/2015 7:54:17 PM
Thanks Remy for your instant reply
www.mysite.gr is a dummy site, just for example
Could you provide an example of HTML webform authentication, please ?
TIA

Those properties only apply to HTTP authentication.  If the forum is using
HTML webform authentication instead, you will have to use the TIdHTTP.Post()
method to submit the user's credentials and other webform input values, just
like a webbrowser would.
0
Papas
7/22/2015 8:00:21 PM
Papas wrote:

> Could you provide an example of HTML webform authentication, please ?

For example, if you have a site "http://forum.mysite.gr" that contains HTML 
like the following for a user to login with:

{code}
<form action="/login" method="post">
User: <input type="text" name="user"><br>
Pass: <input type="text" name="pass"><br>
<input type="hidden" name="somename" value="somevalue">
<input type="submit">
</form>
{code}

You would use the following code to submit it using TIdHTTP:

{code}
PostData := TStringList.Create;
try
  PostData.Add('user=...');
  PostData.Add('pass=...');
  PostData.Add('somename=somevalue');
  IdHTTP1.Post('http://forum.mysite.gr/login', PostData);
finally
  PostData.Free;
end;
{code}

If the login is successful, the server is likely to send back 1 or more HTTP 
cookies that represent the login session.  Each subsequent HTTP request would 
need to include those cookies until the session ends.  TIdHTTP handles that 
automatically if the TIdHTTP.AllowCookies property is true, and you reuse 
the same TIdHTTP object for each request, or at least reuse the same TIdCookieManager 
object with each TIdHTTP object (see the TIdHTTP.CookieManager property).

But again, this assumes HTML-based authentication.  It would be really helpful 
if you would show the actual URLs in question, or at least the relevant HTML 
that is used to access the resources you are interested in.

-- 
Remy Lebeau (TeamB)
0
Remy
7/22/2015 9:09:25 PM
Remy, unfortunately I can't see the HTML code
The login page is this 
http://www.michanikos.gr/index.php?app=core&module=global&section=login

can you suggest me what can I do, please ?
0
Papas
7/22/2015 10:26:17 PM
Papas wrote:

> Remy, unfortunately I can't see the HTML code

Any webbrowser can show you the HTML code.  For example, in IE, go to "Page" 
menu and choose "View source".  Most other browsers have a similar option.

> The login page is this
> http://www.michanikos.gr/index.php?app=core&module=global&section=login

Now we are getting somewhere.  Yes, your forum site is indeed using HTML 
authentication, not HTTP authentication.

Now, here is the tricky part.  The login submission includes a hidden "auth_key" 
value.  It is not uncommon for webservers to do this for security reasons. 
 Usually, such a key is randomly generated each time the login page is retreived, 
so you would have to retreive the HTML for the login form just to get the 
current key value, before you can then post it in your login submission. 
 Just like a webbrowser would do.  On this particular site, though, the key 
does not appear to be random, unless it is regenerated less often than I 
was testing with.

In any case, try something like this:

{code}
var
  HTML, AuthKey: string;

// get login cookies and current authkey...
IdHTTP1.Request.Referer := 'http://www.michanikos.gr/';
HTML := IdHTTP1.Get('http://www.michanikos.gr/index.php?app=core&module=global&section=login');

// parse HTML for AuthKey, if needed...
AuthKey := '880ea6a14ea49e853634fbdc5015a024';

PostData := TStringList.Create;
try
  PostData.Add('auth_key=' + AuthKey);
  PostData.Add('referer=http://www.michanikos.gr/');
  PostData.Add('ips_username=' + UserName);
  PostData.Add('ips_password=' + Password);

  // these two values are optional, you can omit them if you do not need 
them...
  PostData.Add('rememberMe=1');
  PostData.Add('anonymous=1');

  IdHTTP1.Request.Referer := 'http://www.michanikos.gr/index.php?app=core&module=global&section=login';
  IdHTTP1.Post('http://www.michanikos.gr/index.php?app=core&module=global&section=login&do=process', 
PostData);
finally
  PostData.Free;
end;
{code}

-- 
Remy Lebeau (TeamB)
0
Remy
7/22/2015 11:19:55 PM
Reply:

Web resources about - idHTTP.get with authentication - embarcadero.delphi.winsock

Authentication - Wikipedia, the free encyclopedia
Authentication (from Greek : αὐθεντικός authentikos , "real, genuine," from αὐθέντης authentes , "author") is the act of confirming the truth ...

New Tools to Optimize App Authentication
At f8, we announced a redesigned Auth Dialog and a new authentication flow to give developers more control over people’s first experience with ...

Facebook Tells Some Developers They Have 48 Hours to Fix Authentication Data Leaks
... sent an email to what it calls a “very small percentage of the developer community” informing them their apps are suspected of leaking authentication ...

Lockdown - A better two-factor authentication experience on the App Store on iTunes
Get Lockdown - A better two-factor authentication experience on the App Store. See screenshots and ratings, and read customer reviews.


Sony Authentication Power Outlet Recognizes Users and Devices #DigInfo - YouTube
Sony Authentication Power Outlet Recognizes Users and Devices DigInfo TV - http://diginfo.tv 9/3/2012 NFC & Smart WORLD 2012 Sony Authentication ...

SafeNet brings Cloud-based authentication service to A/NZ
SafeNet has released its new Cloud-based authentication service, billed as Authentication-as-a-Service, in A/NZ.

Two-factor authentication - cyber security -
Two recent hacking cases highlight how personal emails can impact overall business security through tiny weaknesses.

Digital authentication to become Google's next big focus
Streamlining the website login process a top priority, according to the company’s Australian business and consumer services manager Dan Metcalf. ...

ATO boosts service access via app and voice authentication
The ATO has announced it will extend its voice authentication system to its mobile app

Resources last updated: 12/7/2015 11:17:32 PM