Authenticate example with HTTP remote access (SynDB)

swierzbicki · 2014-11-24 16:03:23

Hello,

Is there any sample on authentication with HTTP remote access ?
I also like to use any available encryption over HTTP. I don't know where to start (and yes, I've read the documentation )

ab · 2014-11-24 16:31:50

For best security, you should use HTTPS.
But the authentication scheme is enough for most uses, and will be very fast.

By default, you will have the binary data transmitted compressed and encrypted over HTTP.
There is nothing to do: this is enabled by default. Disabling it would not make the process faster - certainly the contrary.
Then remote access would be allowed only when the users have been registered on the server TSynAuthentication instance.

In shorts: the remote users are NOT the DB users.
The remote TSQLDBSocketConnectionProperties() instances should use a name + password credentials pair which have been registered on the server, using AuthenticateUser/DisauthenticateUser methods of TSQLDBServerAbstract.Protocol.Authenticate.
In fact, there is a first couple of name + password optionally set at TSQLDBServerAbstract.Create(), but the main entry point is TSQLDBServerAbstract.Prototocol.Authenticate.

swierzbicki · 2014-11-24 18:11:08

By default, you will have the binary data transmitted compressed and encrypted over HTTP.
There is nothing to do: this is enabled by default. Disabling it would not make the process faster - certainly the contrary.

Ok, that's enough for my purpose

In shorts: the remote users are NOT the DB users.

That's fine.

The remote TSQLDBSocketConnectionProperties() instances should use a name + password credentials pair which have been registered on the server, using AuthenticateUser/DisauthenticateUser methods of TSQLDBServerAbstract.Protocol.Authenticate.
In fact, there is a first couple of name + password optionally set at TSQLDBServerAbstract.Create(), but the main entry point is TSQLDBServerAbstract.Prototocol.Authenticate.

That is the whole point: authentication is needed when no username and password are passed to TSQLDBServerHttpApi.Create method.
I still have questions : How to add multiple users ? Can this be done from an external source ? (I guess that these information are volatile)

How to set/use AuthenticateUser/DisauthenticateUser methods ?, I've tried this basic code :

Server Side

  Props := TSQLDBUniDACConnectionProperties.Create(
  TSQLDBUniDACConnectionProperties.URI(dPostgreSQL,'localhost'),
  'database', 'User', 'Password');
  HttpServer := TSQLDBServerHttpApi.Create(Props,'root','8080');

  SynAuthentication := TSynAuthentication.Create('toto','pipo'); 
  HttpServer.Protocol.Authenticate := SynAuthentication;

Client side

  fProps := TSQLDBWinHTTPConnectionProperties.Create('localhost:8080', 'root',
    'toto', 'pipo');

But it failed with an authentication error message ! : 'Invalid Credentials - check User and Password'

Last edited by swierzbicki (2014-11-24 18:58:42)

ab · 2014-11-24 19:45:52

Do not recreate a new TSynAuthentication.

Just use

HttpServer.Protocol.Authenticate.AuthenticateUser('toto','pipo');
HttpServer.Protocol.Authenticate.AuthenticateUser('toto2','pipo2');
...

Isn't it clear enough?

swierzbicki · 2014-11-24 20:18:34

Easy like A.B.C.
I'm no more in front my computer but if I remember well, I had EAccessViolation when calling

HttpServer.Protocol.Authenticate.AuthenticateUser('toto2','pipo2');

I'll test this again and report here....

Anyway thank you !

ab · 2014-11-24 21:15:42

Should be fixed now.

swierzbicki · 2014-11-25 17:41:35

Thanks, this is well working now :-)

Is there any way to add or remove access to a specific table ? Does TSQLAuthUser and TSQLAuthGroup works with an TSQLDBServerHttpApi ?

ab · 2014-11-25 18:27:23

Good idea.
We may easily add a new TSynAuthentication inherited class able to connect to TSQLAuthUser/TSQLAuthGroup.
Or just integrate SynDBRemote.pas to a mORMot method-based service - may be easier.

swierzbicki · 2014-11-25 18:40:00

That would be a great addition and make Authentication "common" to the whole framework

ab · 2014-11-25 18:41:52

Yes, but I wanted the SynDBRemote feature to be uncoupled from the ORM/SOA part, since they are diverse features.
As soon as you are mixing SQL and SOA, your design just sounds weird...
But it may benefit for legacy projects...

So I've just added TSynAuthenticationRest e.g. for SynDBRemote to check REST users.
See http://synopse.info/fossil/info/1e6d342400
The documentation has been updated.

swierzbicki · 2014-11-25 20:38:32

Wondefull... Looks like you never sleep Arnaud !
I'll test this tomorrow ... Thank you !

ab · 2014-11-25 21:46:35

Perhaps a dedicated unit linking SynDbRemote.pas and mORMot.pas may make sense...

swierzbicki · 2014-11-26 12:56:10

This will be clean and lean...

mORMot Open Source

#1 2014-11-24 16:03:23

Authenticate example with HTTP remote access (SynDB)

#2 2014-11-24 16:31:50

Re: Authenticate example with HTTP remote access (SynDB)

#3 2014-11-24 18:11:08

Re: Authenticate example with HTTP remote access (SynDB)

#4 2014-11-24 19:45:52

Re: Authenticate example with HTTP remote access (SynDB)

#5 2014-11-24 20:18:34

Re: Authenticate example with HTTP remote access (SynDB)

#6 2014-11-24 21:15:42

Re: Authenticate example with HTTP remote access (SynDB)

#7 2014-11-25 17:41:35

Re: Authenticate example with HTTP remote access (SynDB)

#8 2014-11-25 18:27:23

Re: Authenticate example with HTTP remote access (SynDB)

#9 2014-11-25 18:40:00

Re: Authenticate example with HTTP remote access (SynDB)

#10 2014-11-25 18:41:52

Re: Authenticate example with HTTP remote access (SynDB)

#11 2014-11-25 20:38:32

Re: Authenticate example with HTTP remote access (SynDB)

#12 2014-11-25 21:46:35

Re: Authenticate example with HTTP remote access (SynDB)

#13 2014-11-26 12:56:10

Re: Authenticate example with HTTP remote access (SynDB)

Board footer