TsgcSTUNServer › Events › OnSTUNRequestAuthorization
Raised when a Binding Request requires authentication; supply the password associated with the incoming Username/Realm.
property OnSTUNRequestAuthorization: TsgcSTUNRequestAuthorizationEvent;
// TsgcSTUNRequestAuthorizationEvent = procedure(Sender: TObject; const aRequest: TsgcSTUN_Message; const aUsername, aRealm: string; var Password: string) of object—
Fired once per authenticated Binding Request, after the incoming MESSAGE-INTEGRITY attribute has been parsed but before it is verified. aUsername and aRealm are decoded from the request (the realm is empty for short-term credentials). Assign the password associated with that user to the Password var-parameter; the server then computes the HMAC key and either accepts the request or answers with a 401 Unauthorized response when the computed integrity value does not match. Leave Password as an empty string to reject the user, which also yields a 401 response. This handler runs on the listener thread unless NotifyEvents selects another mode — keep it short and thread-safe.
procedure TForm1.OnSTUNRequestAuthorization(Sender: TObject;
const aRequest: TsgcSTUN_Message; const aUsername, aRealm: string;
var Password: string);
begin
if SameText(aUsername, 'alice') then
Password := 'secret'
else
Password := '';
end;