TsgcWebSocketServer | Server Authentication

TsgcWebSocket server supports 3 types of Authentications:

 

• Basic: reads an HTTP Header during the WebSocket HandShake with User and Password encoded as Basic Authorization.
• Session: first the client requests an HTTP session from the server and if the server returns a session, it is passed in the GET HTTP Header of the WebSocket HandShake. (* own authorization method for sgcWebSockets library).
• URL: reads the request authorization using the GET HTTP Header of the WebSocket HandShake. (* own authorization method for sgcWebSockets library).

 

You can set a list of Authenticated users, using AuthUsers property, just set your users with the following format: user=password

OnAuthentication

Every time the server receives an Authentication Request from a client, this event is called to indicate whether the user is authenticated or not.

Use Authenticated parameter to accept or not the connection.

 

void OnAuthentication(TsgcWSConnection Connection, string aUser, string aPassword, 
  ref bool Authenticated)
{
  if ((aUser == "user") && (aPassword == "secret"))
  {
    Authenticated = true;
  }
  else
  {
    Authenticated = false;
  }
}

 

 

OnUnknownAuthentication

If the authentication type is not supported by default, such as JWT, you can still use this event to accept or reject the connection. Just read the parameters and decide whether to accept the connection.

 

void OnUnknownAuthenticationEvent(TsgcWSConnection Connection, string AuthType, string AuthData, 
  ref string User, ref string Password, ref bool Authenticated)
{
  if (AuthType == "Bearer")
  {
    if (AuthData == "jwt_token")
    {
      Authenticated = true;
    }
    else
    {
      Authenticated = false;
    }
  }
  else
  {
    Authenticated = false;
  }
}