Hello,
When connecting TRemoteDBDatabase to a RemoteDB server implementing TBasicAuthMiddleware, the TAuthenticateBasicProc does work, the user is identified and TUserIdentity is instantiated like in the documentation, but RemoteDB Client always fails with this error:
RemoteDB request error:
http://192.168.0.212:2001/xxxx/config
401
as if authentication was awaited... this exception is raised from TRemoteDBDatabase inner procedure CheckConfig when setting aRemoteDBDatabase.connected := true;
Can those two components not work together, or am I missing something?
Can you please check if you have not filled TRemoteDBDatabase.UserName and Password properties? They should not be used if you have added BasicAuthMiddleware.
Thanks for your answer, and sorry for the delay (holidays).
Of course I did not fill the UserName and Password fields.
So you're telling me that it must work... maybe default values from the TRemoteDBModule instantiation need to be removed?
Update: I tried emptying the UserName and Password fields, and now I don't get 401 anymore. But my identification is completely useless. I had to create a TRemoteDBModule descendant to handle it (simplified here):
TOwnRemoteDBModule = class(TRemoteDBModule)
public
  procedure ProcessRequest(const Context: THttpServerContext); override;
end;

procedure TOwnRemoteDBModule.ProcessRequest(const Context: THttpServerContext);
var
  Claim: TUserClaim;
begin
  Claim := nil;
  if Context.Request.User <> nil then
    Claim := Context.Request.User.Claims.Find('roles');
  if (Claim = nil) or not (Claim.AsString = 'something') then
  begin
    {$IFDEF DEBUGLOG} Logger.Debug('Authentication failed. Sending www-authenticate header to client.'); {$ENDIF}
    Context.Response.Headers.SetValue('www-authenticate', 'Basic');
    Context.Response.StatusCode := 401;
    Exit;
  end;
  inherited ProcessRequest(Context);
end;
Hope it will be helpful to someone else or for a next version ^^
That's how it's supposed to work. All the authentication middleware (Basic or JWT, the current ones) does is process the authentication info from the client request and assign (or not) the User property in the request. It's up to the module or other middleware in the chain to add business logic and check for the User and perform actions.
I did not give custom middleware a try for now, but this is indeed a good idea, thank you!
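The split described in the reply above (authentication only assigns the User, and a separate check must reject the request) can be shown with a small language-neutral model. This is an added example, not TMS Sparkle or RemoteDB code and not from the thread's participants; the credential table, the request dictionary and all function names are constructed for the illustration, and the role check mirrors the 'roles' = 'something' test from the module above.

```python
import base64
import hmac

# Constructed sample store: user -> (password, roles claim). Assumption for this sketch.
USERS = {"alice": ("s3cret", "something"), "bob": ("hunter2", "guest")}

def basic_auth_middleware(request):
    """Authentication only: set request['user'] when credentials verify; never reject."""
    request["user"] = None
    scheme, _, token = request["headers"].get("authorization", "").partition(" ")
    if scheme.lower() != "basic":
        return
    try:
        decoded = base64.b64decode(token, validate=True).decode()
    except ValueError:
        return  # malformed header: the request simply stays anonymous
    name, _, password = decoded.partition(":")
    record = USERS.get(name)
    if record and hmac.compare_digest(record[0].encode(), password.encode()):
        request["user"] = {"name": name, "roles": record[1]}

def require_role(request, role):
    """Authorization: the check the module or a later middleware has to add."""
    user = request.get("user")
    if user is None or user["roles"] != role:
        return 401, {"www-authenticate": "Basic"}
    return None

def handle(request, enforce_role=None):
    """Run the chain; without enforce_role nothing ever turns a request away."""
    basic_auth_middleware(request)
    if enforce_role is not None:
        denied = require_role(request, enforce_role)
        if denied:
            return denied
    return 200, {}

def make_request(credentials=None):
    """Build a constructed request, optionally with a Basic Authorization header."""
    headers = {}
    if credentials:
        encoded = base64.b64encode(credentials.encode()).decode()
        headers["authorization"] = "Basic " + encoded
    return {"headers": headers}

if __name__ == "__main__":
    for creds in (None, "alice:wrong", "bob:hunter2", "alice:s3cret"):
        print(creds, handle(make_request(creds)), handle(make_request(creds), "something"))
```

Without the enforcement step, anonymous and wrong-password requests both reach the handler with status 200, which is the "identification is completely useless" behaviour reported earlier in the thread.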