Authentication
Click here to see this page in full context

Authentication

Supported by

 

  TsgcWebSocketServer

  TsgcWebSocketHTTPServer

  TsgcWebSocketClient

  Java script (*only URL Authentication is supported)

 

 

WebSockets Specification doesn't have any authentication method and Web Browsers implementation don't allow to send custom headers on new WebSocket connections.

 

To enable this feature you need to access to the following property:

 

 Authentication/ Enabled

 

 

sgcWebSockets implements 3 different types of WebSocket authentication:

 

Session: client needs to do an HTTP GET passing username and password, and if authenticated, server response a Session ID. With this Session ID, client open WebSocket connection passing as a parameter. You can use a normal HTTP request to get a session id using and passing user and password as parameters

 

http://host:port/sgc/req/auth/session/:user/:password

 

example: (user=admin, password=1234) --> http://localhost/sgc/req/auth/session/admin/1234

 

This returns a token that is used to connect to server using WebSocket connections:

 

    ws://localhost/sgc/auth/session/:token

 

 

URL: client open WebSocket connection passing username and password as a parameter.

 

              ws://host:port/sgc/auth/url/username/password

 

example: (user=admin, password=1234) --> http://localhost/sgc/auth/url/admin/1234

 

 

Basic: implements Basic Access Authentication, only applies to VCL Websockets (Server and Client) and HTTP Requests (client Web Browsers don't implement this type of authentication). When a client tries to connect, it sends a header using AUTH BASIC specification.

 

 

You can define a list of Authenticated users, using Authentication/ AuthUsers property. You need to define every item following this schema: user=password. Example:

 

admin=admin

user=1234

....

 

There is an event called OnAuthentication where you can handle authentication if the user is not in AuthUsers list, client doesn't send an authorization request... You can check User and Password params and if correct, then set Authenticated variable to True. example:

 


procedure WSServerAuthentication(Connection: TsgcWSConnection; aUser, aPassword: string; var Authenticated: Boolean);
begin
  if (aUser = 'John') and (aPassword = '1234') then
    Authenticated := True;
end;