TsgcWebSocketServer | Server Authentication

TsgcWebSocket server supports 3 types of Authentications:

 

• Basic: reads an HTTP Header during the WebSocket HandShake with User and Password encoded as Basic Authorization.
• Session: first the client requests an HTTP session from the server and if the server returns a session, it is passed in the GET HTTP Header of the WebSocket HandShake. (* own authorization method for sgcWebSockets library).
• URL: reads the request authorization using the GET HTTP Header of the WebSocket HandShake. (* own authorization method for sgcWebSockets library).

 

You can set a list of Authenticated users, using AuthUsers property, just set your users with the following format: user=password

OnAuthentication

Every time the server receives an Authentication Request from a client, this event is called to indicate whether the user is authenticated or not.

Use Authenticated parameter to accept or not the connection.

 

procedure OnAuthentication(Connection: TsgcWSConnection; aUser, aPassword: string; 
  var Authenticated: Boolean);
begin
  if ((aUser = 'user') and (aPassword = 'secret')) then
    Authenticated := true
  else
    Authenticated := false;
end;

 

 

OnUnknownAuthentication

If the authentication type is not supported by default, such as JWT, you can still use this event to accept or reject the connection. Just read the parameters and decide whether to accept the connection.

 

procedure OnUnknownAuthentication(Connection: TsgcWSConnection; AuthType, AuthData: string; 
  var aUser, aPassword: string; var Authenticated: Boolean);
begin
  if AuthType = 'Bearer' then
  begin
    if AuthData = 'jwt_token' then
      Authenticated := true
    else
      Authenticated := false;
  end
  else
    Authenticated := false;
end;