#1 2015-02-03 16:20:19

Eric
Member
Registered: 2012-11-26
Posts: 129
Website

Credentials/authentication support TWinHTTP

Would it be possible to add credentials support in TWinHTTP?

I hacked it by overriding InternalSendRequest, but it could probably be standardized.

Below are the relevant snippets to be adapted (could not test NTLM, and PASSPORT did not seem to work, but I did not try very hard).

For Windows servers, the strongest one is NEGOTIATE (secure, domain-level authentication)

type

   TdwsWinHTTP = class (TWinHTTP)
      FAuthScheme : TWebRequestAuthentication;
      FUserName : String;
      FPassword : String;

      procedure InternalSendRequest(const aData: RawByteString); override;
   end;

function WinHttpSetCredentials(hRequest: HINTERNET;
   AuthTargets: DWORD; AuthScheme: DWORD;
   pwszUserName: PWideChar; pwszPassword: PWideChar;
   pAuthParams: Pointer) : BOOL; stdcall; external 'winhttp.dll';

const
   WINHTTP_AUTH_TARGET_SERVER    = 0;
   WINHTTP_AUTH_TARGET_PROXY     = 1;

   WINHTTP_AUTH_SCHEME_BASIC     = $00000001;
   WINHTTP_AUTH_SCHEME_NTLM      = $00000002;
   WINHTTP_AUTH_SCHEME_PASSPORT  = $00000004;
   WINHTTP_AUTH_SCHEME_DIGEST    = $00000008;
   WINHTTP_AUTH_SCHEME_NEGOTIATE = $00000010;

procedure TdwsWinHTTP.InternalSendRequest(const aData: RawByteString);
var
   winAuth : DWORD;
begin
   if FAuthScheme<>wraNone then begin
      case FAuthScheme of
         wraBasic : winAuth := WINHTTP_AUTH_SCHEME_BASIC;
         wraDigest : winAuth := WINHTTP_AUTH_SCHEME_DIGEST;
         wraNegotiate : winAuth := WINHTTP_AUTH_SCHEME_NEGOTIATE;
      else
         raise EWinHTTP.CreateFmt('Unsupported request authentication scheme (%d)',
                                  [Ord(FAuthScheme)]);
      end;
      if not WinHttpSetCredentials(fRequest, WINHTTP_AUTH_TARGET_SERVER,
                                   winAuth, PChar(FUserName), PChar(FPassword), nil) then
         RaiseLastOSError;
   end;
   inherited InternalSendRequest(aData);
end;

Offline

#2 2015-02-04 10:03:38

ab
Administrator
From: France
Registered: 2010-06-21
Posts: 14,713
Website

Re: Credentials/authentication support TWinHTTP

Good idea.
See http://synopse.info/fossil/info/7310be28cd

I've also added the corresponding new properties for our TSQLHttpClientWinHTTP REST class.

Thanks for the feedback!

Offline

Board footer

Powered by FluxBB