Delphi WebSockets Blog Features

SignalRCore WebSocket Authentication

Authentication supported from sgcWebSockets 4.3.0 version

Authentication can be enabled to associate a user with each connection and filter which users can access to resources. Authentication is implemented using Bearer Tokens, client provide an access token and server validates this token and uses it to identify then user.

In standard Web APIs, bearer tokens are sent in an HTTP Header, but when using websockets, token is transmitted as a query string parameter.

The following methods are supported:

srcaRequestToken

If Authentication is enabled, the flow is:

  1. First tries to get a valid token from server. Opens an HTTP connection against Authentication.RequestToken.URL and do a POST using User and Password data.

  2. If previous is successful, a token is returned. If not, an error is returned.

  3. If token is returned, then opens a new HTTP connection to negotiate a new connection. Here, token is passed as an HTTP Header.

  4. If previous is successful, opens a websocket connection and pass token as query string parameter.

 

Authentication.Enabled: if active, authorization will be used before a websocket connection is established.

Authentication.Username: the username provided to server to authenticate.

Authentication.Password: the secret word provided to server to authenticate.

Authentication.RequestToken.PostFieldUsername: name of field to transmit username (depends of configuration, check http javascript page to see which name is used).

Authentication.RequestToken.PostFieldPassword: name of field to transmit password (depends of configuration, check http javascript page to see which name is used).

Authentication.RequestToken.URL: url where token is requested.

Authentication.RequestToken.QueryFieldToken: name of query string parameter using in websocket connection.

 

srcaSetToken

Here, you pass token directly to SignalRCore server (because token has been obtained from another server).

Authentication.Enabled: if active, authorization will be used before a websocket connection is established.

Authentication.SetToken.Token: token value obtained.