CODEWITHSUNDEEP
delphiindydigest-authentication
Richard Holland
Richard Holland

Reputation: 2673

401 With Indy IdHttp Digest Authentication in Delphi XE

Trying to do a get() with Digest to a partner's web service with Delphi XE.

I have included IdAuthenticationDigest to the uses clause which should automatically work from what I've read - but I must be missing something because I'm getting a 401 Unauthorized.

Code:

begin
  // Init request:   
  IdHttp := TIdHttp.Create(nil);
  try
    idHttp.Request.ContentType := self.inputType; // 'application/xml'
    idHttp.Request.Accept := self.outputType; //'application/json';

    // Set request method:
    idHttp.Request.Method := Method; // 'Get'
    // Set username and password:
    idHttp.Request.BasicAuthentication := False;
    // IdHttp.Request.Username/Password also fails
    IdHttp.Request.Authentication.Username := 'xx';
    IdHttp.Request.Authentication.password := 'xx';

    IdHttp.Request.ContentLength := Length(Body);

    // Send request:
    if Method = 'GET' then
      Result := idHttp.Get(self.ServiceHost + URI)
    else
    if Method = 'POST' then
      Result := idHttp.Post(self.ServiceHost + URI, SendStream);

   finally
    idHttp.Free;
   end;
end;

Upvotes: 2

Views: 10602

Answers (3)

Woozar
Woozar

Reputation: 1130

You also need to set the hoInProcessAuth Flag, befor performing the GET.

idHttp.HTTPOptions := idHttp.HTTPOptions + [hoInProcessAuth];

Upvotes: 2

Ezequiel Hdez.
Ezequiel Hdez.

Reputation: 144

Add OnAuthorization event something like this:

procedure TForm1.IdHTTP1Authorization(Sender: TObject;
  Authentication: TIdAuthentication; var Handled: Boolean);
begin
Authentication.Username:='user';
Authentication.Password:='passs'; 
if Authentication is TIdDigestAuthentication then
  begin
    showmessage('onAuthorization: '+Authentication.Authentication);
    TIdDigestAuthentication(IdHTTP1.Request.Authentication).Uri:=IdHTTP1.Request.URL;
    TIdDigestAuthentication(Authentication).Method := 'GET';
  end;
Handled:=true;
end;

Sometimes indy misses some necesary info. In my case, I'm connecting to a Tomcat server but this need the Get method when the digest params authentication info is sent.

Upvotes: 4

Remy Lebeau
Remy Lebeau

Reputation: 595339

You need to set the Request.Username and Request.Password properties instead of using the Request.Authentication property. Also, do not set the Request.Method or Request.ContentLength properties at all. All three of those properties are managed by TIdHTTP internally.

  // Init request:   
  IdHttp := TIdHttp.Create(nil);
  try
    idHttp.Request.ContentType := self.inputType; // 'application/xml'
    idHttp.Request.Accept := self.outputType; //'application/json';

    // Set username and password:
    idHttp.Request.BasicAuthentication := False;
    IdHttp.Request.Username := 'xx';
    IdHttp.Request.Password := 'xx';

    // Send request:
    if Method = 'GET' then
      Result := IdHttp.Get(self.ServiceHost + URI)
    else
    if Method = 'POST' then
      Result := IdHttp.Post(self.ServiceHost + URI, SendStream);
   finally
    IdHttp.Free;
   end;

Upvotes: 4

Related Questions