TsgcWebSocketServer | Server Authentication

TsgcWebSocket server supports 3 types of Authentications:

 

• Basic: read an HTTP Header during WebSocket HandShake with User and Password encoded as Basic Authorization.
• Session: first client request an HTTP session to server and if server returns a session this is passed in GET HTTP Header of WebSocket HandShake. (* own authorization method for sgcWebSockets library).
• URL: read request authorization using GET HTTP Header of WebSocket HandShake. (* own authorization method for sgcWebSockets library).

 

You can set a list of Authenticated users, using AuthUsers property, just set your users with the following format: user=password

OnAuthentication

Every time server receives an Authentication Request from a client, this event is called to return if user is authenticated or not.

Use Authenticated parameter to accept or not the connection.

 

procedure OnAuthentication(Connection: TsgcWSConnection; aUser, aPassword: string; 
  var Authenticated: Boolean);
begin
  if ((aUser = 'user') and (aPassword = 'secret')) then
    Authenticated := true
  else
    Authenticated := false;
end;

 

 

OnUnknownAuthentication

If Authentication is not supported by default, like JWT, still you can use this event to accept or not the connection. Just read the parameters and accept or not the connection.

 

procedure OnUnknownAuthentication(Connection: TsgcWSConnection; AuthType, AuthData: string; 
  var aUser, aPassword: string; var Authenticated: Boolean);
begin
  if AuthType = 'Bearer' then
  begin
    if AuthData = 'jwt_token' then
      Authenticated := true
    else
      Authenticated := false;
  end
  else
    Authenticated := false;
end;