TsgcWSAPIServer_WebAuthn › Events › OnWebAuthnUnauthorized
Fires when a WebSocket connection attempts to use a WebAuthn-protected resource without a valid token; lets the application decide whether to disconnect.
property OnWebAuthnUnauthorized: TsgcWebAuthnOnUnauthorizedEvent;
// TsgcWebAuthnOnUnauthorizedEvent = procedure(Sender: TObject; aConnection: TsgcWSConnection; var Disconnect: Boolean) of object—
Raised when aConnection lacks a valid WebAuthn session token (or the token has expired) and the request would otherwise return 401. Disconnect defaults to true, which causes the server to drop the connection after sending the 401 response; set it to false to keep the connection open (for example, to allow the client to re-authenticate in the same session). Use this event to log unauthorized attempts or to implement a grace period.
procedure TForm1.sgcWSAPIServer_WebAuthn1WebAuthnUnauthorized(Sender: TObject;
aConnection: TsgcWSConnection; var Disconnect: Boolean);
begin
Memo1.Lines.Add('Unauthorized: ' + aConnection.Guid);
Disconnect := True;
end;