TsgcWSAPIServer_WebAuthn.OnWebAuthnHTTPRequest
Click here to see this page in full context

TsgcWSAPIServer_WebAuthnEvents › OnWebAuthnHTTPRequest

OnWebAuthnHTTPRequest Event

Fires before a WebAuthn endpoint processes an incoming HTTP request; lets the application inspect headers, apply rate limits, or reject the call.

Syntax

property OnWebAuthnHTTPRequest: TsgcWebAuthnOnHTTPRequest;
// TsgcWebAuthnOnHTTPRequest = procedure(Sender: TObject; aMethod: TsgcWebAuthnHTTPRequestMethod; const aRequest: TsgcHTTPRequest; var Accept: Boolean) of object

Default Value

Remarks

Called once per HTTP hit to any WebAuthn endpoint. aMethod identifies which endpoint was matched (registration options/verify or authentication options/verify), aRequest exposes the raw HTTP headers and payload and Accept defaults to true. Set Accept to false to short-circuit the pipeline (for example when throttling clients or enforcing IP allowlists) — the server will then skip the WebAuthn logic for that call.

Example

procedure TForm1.sgcWSAPIServer_WebAuthn1WebAuthnHTTPRequest(Sender: TObject;
  aMethod: TsgcWebAuthnHTTPRequestMethod; const aRequest: TsgcHTTPRequest;
  var Accept: Boolean);
begin
  Memo1.Lines.Add('WebAuthn request from ' + aRequest.RemoteIP);
  if IsBlocked(aRequest.RemoteIP) then
    Accept := False;
end;

Back to Events