Hello,
I am trying to authenticate with Windows authentication, so far I have:
FModel:=TSQLModel.Create([TSQLAuthUser,TSQLAuthGroup],BIAPIModelName);
FClient:=TSQLHttpClient.Create('localhost',BIAPIPort,FModel);
FClient.SetUser('','');
FClient.ServiceRegister([TypeInfo(IBIAPI)],sicShared);
This seems right but fails as I do not have the users in TSQLAuthUser. As I want to automatically add users I have tried:
FClient:=TSQLRestClientDB.Create(FModel,nil,ChangeFileExt(paramstr(0),'.db'),TSQLRestServerDB,True);
FClient.Server.CreateMissingTables;
FClient.Server.ServiceRegister(TBMAPI,[TypeInfo(IBIAPI)],sicClientDriven);
user:=TSQLAuthUser.Create;
try
  User.LogonName:=NetworkUsername;
  FClient.Add(user,true);
finally
  User.Free;
end;
FClient.SetUser('','');
FClient.ServiceRegisterClientDriven(TypeInfo(IBIAPI),FAPI);
But the user is not added to the table. I have opened the .db file in "DB Browser for SQLite" and there are no added users, so the authentication still fails.
I have also tried using TSQLRestServerAuthenticationNone, this works, but the property CurrentServiceContext.Request.SessionUsername on the server is empty, and I need this.
So what am I doing wrong?
Thanks and also thanks for all the great work!
Adrian
Offline
Thanks for your reply, most helpful.
I am now trying:
group:=TSQLAuthGroup.Create;
user:=TSQLAuthUser.Create;
try
  User.LogonName:=NetworkUsername;
  User.PasswordPlain:='';
  user.GroupRights:=group;
  id:=FClient.AddOrUpdate(user,true);
finally
  User.Free;
  group.Free;
end;
It returns 0 for id and if I debug to find out why, I see that it exits in TSQLRestClientURI.EngineAdd here:
if URI(url,'POST',nil,@Head,@SentData).Lo<>HTTP_CREATED then
  exit; // response must be '201 Created'
It returns 403, so it exits.
Can you help further? Thanks in advance.
Last edited by adriany (2017-03-12 13:45:05)
Offline
Thanks for your reply, I have moved the register user code to the server and this part is now working.
So now I am trying to auto register a user in OnAuthentificationFailed as described in your documentation on Windows authentication. I am using interface services and my setup for the standalone (debug) application is as follows:
FModel:=TSQLModel.Create([TSQLAuthUser,TSQLAuthGroup],BIAPIModelName);
FClient:=TSQLRestClientDB.Create(FModel,nil,ChangeFileExt(paramstr(0),'.db'),TSQLRestServerDB,True);
FClient.Server.CreateMissingTables;
FClient.OnAuthentificationFailed:=AuthentificationFailed;
FClient.Server.ServiceRegister(TBMAPI,[TypeInfo(IBIAPI)],sicClientDriven);
FClient.SetUser('','');
FClient.ServiceRegisterClientDriven(TypeInfo(IBIAPI),FAPI);
which I believe is correct.
But I have a chicken/egg situation. I need to call FAPI.RegisterUser in OnAuthentificationFailed, but FAPI is not yet defined as it comes from FClient.ServiceRegisterClientDriven(TypeInfo(IBIAPI),FAPI) which is after SetUser.
If I move the ServiceRegisterClientDriven before SetUser the authentication fails there.
So basically how do I call an interface service in OnAuthentificationFailed?
Please help!
Offline
I suppose this is the egg fault, because there is more to eat in the chicken.
The only way of getting rid of this may be to have a method-based service to create a new user.
But on second thoughts, I do not understand how your design is really safe: why do you need users, if the purpose is to create them from the client side?
What I usually do in such cases, is to have mORMot users (to authenticate) - which may be fixed, and application users, separated from the TSQLRest authentication process, which will be stored and handled via a service.
From the user point of view, you never show the mORMot users, but only the application users.
Offline
Thanks for the reply, I agree that application users are a better way to do it, but does this mean that I would have to pass the application user in each interface service function? So have a UserID or something parameter on each method? This is what I was trying to avoid by auto adding a user, then on the server I could simply identify the user using SessionUserName.
So what is the best way of identifying the current application user on the server?
Thanks!
Offline
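The split suggested above between mORMot authentication users and application users, and the question of identifying the caller without a UserID parameter on each method, shown as an added example that is not part of the thread and not mORMot's own code. It assumes each person authenticates under their own mORMot logon, so that CurrentServiceContext.Request.SessionUserName is distinct per person; TSQLAppUser, IAppUsers, TAppUsers and the GUID are hypothetical, and the service would be registered on the server with ServiceRegister as in the posts above.

```pascal
unit AppUsers; // added example: unit, table and interface names are hypothetical
interface
uses
  SynCommons, mORMot;
type
  // application user, kept apart from TSQLAuthUser; add it to the server's
  // TSQLModel so that CreateMissingTables creates its table
  TSQLAppUser = class(TSQLRecord)
  private
    fLogonName: RawUTF8;
  published
    property LogonName: RawUTF8 read fLogonName write fLogonName stored AS_UNIQUE;
  end;
  IAppUsers = interface(IInvokable)
    ['{6E0A3C52-91B7-4D1E-8F24-5B7C9A1D2E30}'] // constructed GUID
    function WhoAmI: RawUTF8; // no UserID parameter: the server derives it
  end;
  TAppUsers = class(TInterfacedObject, IAppUsers)
    function CurrentAppUserID: TID; // helper for every service method
    function WhoAmI: RawUTF8;
  end;

implementation
function TAppUsers.CurrentAppUserID: TID;
var ctxt: TSQLRestServerURIContext;
    user: TSQLAppUser;
begin
  result := 0;
  ctxt := CurrentServiceContext.Request;
  // identity comes only from the authenticated session, never from the caller
  if (ctxt = nil) or (ctxt.SessionUserName = '') then
    exit; // e.g. authentication disabled: no application user
  user := TSQLAppUser.Create(ctxt.Server, 'LogonName=?', [ctxt.SessionUserName]);
  try
    if user.ID = 0 then begin // first call for this logon: register it server-side
      user.LogonName := ctxt.SessionUserName;
      if ctxt.Server.Add(user, true) = 0 then // lost a race on the unique column
        ctxt.Server.Retrieve('LogonName=?', [], [ctxt.SessionUserName], user);
    end;
    result := user.ID; // still 0 if the row could neither be added nor read
  finally
    user.Free;
  end;
end;

function TAppUsers.WhoAmI: RawUTF8;
begin
  result := FormatUTF8('application user #%', [CurrentAppUserID]);
end;
end.
```

Because the row is written by the server inside an authenticated call, the client never needs write access to the user tables, which is the operation that returned 403 earlier in the thread.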