Pages: 1

#1 2016-05-31 12:47:40

squirrel
Member
Registered: 2015-08-13
Posts: 155

Http Basic Authentication

When using Basic Authentication, it looks as if Mormot only accepts the Authorized header details when a call to /auth is made.  Any calls to other functions just check if the signature is included, but never the Authorized header.

TSQLRestServerAuthenticationHttpBasic.RetrieveSession only checks the the username and password in the header if there is a valid session, making it a bit pointless to include the Authorized header in the first place.
Is this correct / by design?  Does this mean that the Authorized header can only be used when calling /auth and not to authenticate on the fly?

Is there a setting I can set to ensure that the authentication is always done when the Authorized header is included?

Offline

#2 2016-07-03 07:38:53

squirrel
Member
Registered: 2015-08-13
Posts: 155

Re: Http Basic Authentication

Does anybody have an example of using TSQLRestServerAuthenticationHttpBasic that works?  I need to use basic authentication and look up the username and password from my own list (not orm).

Offline

#3 2016-07-06 01:05:29

Bo
Member
From: Melbourne
Registered: 2016-07-04
Posts: 57
Website

Re: Http Basic Authentication

squirrel wrote:

Does anybody have an example of using TSQLRestServerAuthenticationHttpBasic that works?  I need to use basic authentication and look up the username and password from my own list (not orm).

Same here and would like to know the solution.

Offline

#4 2016-07-28 12:28:41

willo
Member
From: Cape Town, South Africa
Registered: 2014-11-15
Posts: 67
Website

Re: Http Basic Authentication

Have a look at my article here:
https://tamingthemormot.wordpress.com/2 … word-hash/

Offline

Pages: 1

Board footer

Powered by FluxBB