TsgcWebSocketServer | Server Authentication

TsgcWebSocket server supports 3 types of Authentications:

 

• Basic: read an HTTP Header during WebSocket HandShake with User and Password encoded as Basic Authorization.
• Session: first client request an HTTP session to server and if server returns a session this is passed in GET HTTP Header of WebSocket HandShake. (* own authorization method for sgcWebSockets library).
• URL: read request authorization using GET HTTP Header of WebSocket HandShake. (* own authorization method for sgcWebSockets library).

 

You can set a list of Authenticated users, using AuthUsers property, just set your users with the following format: user=password

OnAuthentication

Every time server receives an Authentication Request from a client, this event is called to return if user is authenticated or not.

Use Authenticated parameter to accept or not the connection.

 

void OnAuthentication(TsgcWSConnection Connection, string aUser, string aPassword, 
  ref bool Authenticated)
{
  if ((aUser == "user") && (aPassword == "secret"))
  {
    Authenticated = true;
  }
  else
  {
    Authenticated = false;
  }
}

 

 

OnUnknownAuthentication

If Authentication is not supported by default, like JWT, still you can use this event to accept or not the connection. Just read the parameters and accept or not the connection.

 

void OnUnknownAuthenticationEvent(TsgcWSConnection Connection, string AuthType, string AuthData, 
  ref string User, ref string Password, ref bool Authenticated)
{
  if (AuthType == "Bearer")
  {
    if (AuthData == "jwt_token")
    {
      Authenticated = true;
    }
    else
    {
      Authenticated = false;
    }
  }
  else
  {
    Authenticated = false;
  }
}