EldoS | Feel safer!

Software components for data protection, secure storage and transfer

TElHTTPServerRequestParams.Username never set?

Posted: 12/19/2012 07:53:25
by Peter Palotas (Basic support level)
Joined: 11/01/2012
Posts: 49

When implementing a HTTP server and the client sends an "Authorization:"-header with basic credentials in its request, shouldn't this populate the Username and Password properties of the TElHTTPServerRequestParams sent to the OnRequestHeadersReceived event of the TElHTTPSServer?

These properties seems to be always empty?
Posted: 12/19/2012 07:57:13
by Vsevolod Ievgiienko (Team)

Thank you for contacting us.

Its your job to parse Authorization header. For now the server doesn't do this automatically.
Posted: 12/19/2012 08:16:18
by Eugene Mayevski (Team)

To add to Vsevolod's answer - you can use these fields as placeholders for further operations and store username and password there. Note, that some authentication methods don't include password-as-we-know-it, so while Basic method is the main one, the server doesn't handle any auth.method by default and in particular doesn't parse Basic method requests. Implementing such parsing now would lead to fair questions "why only Basic is handled", followed by other equally fair questions - people's wishes are unlimited. So if we don't want to go deep into HTTP authentication (and we don't want to at the moment), we better leave it in whole to the programmer.

Sincerely yours
Eugene Mayevski
Posted: 12/19/2012 08:20:39
by Peter Palotas (Basic support level)
Joined: 11/01/2012
Posts: 49

Thank you for the elaborate answer. I understand your philosophy. We will do as you suggest and populate these properties ourselves then.

Regards, Peter.



Topic viewed 452 times

Number of guests: 1, registered members: 0, in total hidden: 0


Back to top

As of July 15, 2016 EldoS business operates as a division of /n software, inc. For more information, please read the announcement.

Got it!