"Mathijs" <blabla@bla.hu> wrote in message
news:Xns97BD974677EE7holleknolle23@207.105.83.66...
> We're using TIdHTTPServer (Indy 10) to make a webinterface for our
> (database) application. We need some sort of authentication
> (usernames+passes are stored in our database).
In the OnCommandGet event, when you receive a request from the client that
needs authenticating, you can set the TIdHTTPResponseInfo.AuthRealm property
to a non-empty string. That forces the server to send a 401 response
telling the client that authentication credentials are needed a new request.
TIdHTTPRequestInfo has AuthUsername and AuthPassword properties. Those will
contain the username/password values if the client sends them. You can use
those to check your database fields as needed. For example:
procedure TForm1.IdHTTPServer1CommandGet(ASender: TObject; ARequestInfo:
TIdHTTPRequestInfo; AResponseInfo: TIdHTTPResponseInfo);
begin
if (ARequestInfo is a restricted resource) then
begin
if (ARequestInfo.AuthUsername and ARequestInfo.AuthPassword are
not authenticated) then
begin
AResponseInfo.AuthRealm = 'myserver';
Exit;
end;
end;
// send the requested data as needed ...
end;
Gambit
