>
> TIdHTTPServer processes the 'Authorization' header after triggering the
> OnCreatePostStream event but before triggering the OnCommandGet event, so
> that it can fill in the AuthUsername and AuthPassword properties of the
> RequestInfo object that will be passed to OnCommandGet. However, it only
> supports 'Basic' right now. Anything else will raise an
> EIdHTTPUnsupportedAuthorisationScheme exception, which will terminate the
> connection immediately.
Thank you! I was hoping you would reply.
Now I know what is happening, I can probably implement some sort of
workaround. I could perhaps remove the 'Authorization' header in the
OnCreatePostStream and store it in the context till later. The
TIdHTTPServer would then find no 'Authorization' header after the return
from OnCreatePostStream and so would not close the connection, but fire the
OnCommandGet as if there was no authorization scheme in use at all. Then,
in the OnCommandGet, I could check the Auth. header in the context to see if
I need to respond with the SOAP page or a 403.
Rgds,
Martin
