Delphi 7 SOAP Authentication and SessionID HowTo
- by Justin Philbrow
Hello All,
I am developing a 3 tier database application.
1.) MS SQL DB
2.) Middle tier SOAP Server (with Delphi 7) connected to the DB
3.) Clients (first win32 gui (with Delphi 7) - later other platforms) connected to the SOAP server
I chose a SOAP Server to be open to various clients at a later stage (also some of the win32 gui clients will be stationed abroad - so the clients need to be thin) (this as suggested by Dr. Bob).
I am new to SOAP and have been looking at different examples and papers about authentication. But I can't quite get my head around it.
I have made a SOAP server and client with Delphi's SOAP Server Application Wizard and added a SOAP SERVER Data Module, added a database connection and some datasets and providers. Connected the client with dbgrid etc and that part works fine.
But I want the client first to login and then be able to access data and I want the server to log each connection and also when the client logs off or is disconnected, so I am guessing I need the sessionID and a timeout. I also want the server to be able to tell the clients who else is "connected" (or whose session is still active) at any given time.
I have gathered that I need to make an authentication header, but can't figure out where or how I can get a sessionID. I presume that each time a client connects to the server the server generates a sessionID? How do I get this?
Any help or suggestions/pointer would be appreciated,
thanks
Justin
OK take 2:
OK, I have done the following so far (this is used from the example Bank Account SOAP application that comes with Delphi 7):
    procedure TForm1.btnLoginClick(Sender: TObject);
    var
      H: TAuthHeader;
      Headers: ISOAPHeaders;
      SoapData: IThorPayServerDB;
    begin
      SoapData := HTTPRIOOnForm as IThorPayServerDB;
      { Call the server's login method with the entered credentials }
      if not SoapData.login(edtUser.Text, edtPassword.Text) then
      begin
        ShowMessage('Not correct login');
        Exit;
      end;
      Headers := SoapData as ISOAPHeaders;
      { Get the header from the incoming message }
      Headers.Get(TAuthHeader, TSoapHeader(H));
      try
        if H <> nil then
        begin
          { Keep the ID and timestamp issued by the server }
          FIdKey := H.IdNumber;
          FTimeStamp := H.TimeStamp;
        end
        else
          ShowMessage('No authentication header received from server');
      finally
        H.Free;
      end;
      if FIdKey > 0 then
        ShowMessage('Authenticated');
    end;
The SoapData.login returns the correct result, but for some reason I can't get hold of the header. In this case H is nil and the result becomes 'No authentication header received from server'.
If I intercept the SOAP xml I can see that the header is there, here is the returned package:
1
1
4208687
2010-05-14T10:03:49.469+03:00
true
Anyone any idea? In this case I am not using the SOAPConnection that I am using for the DB, but a separate HTTPRIO component.
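
The server-side session handling asked about above (an ID issued at login, an idle timeout, a connection log and a list of who is still active), as an added example that is not part of the original post and is written in Python rather than Delphi so it stays independent of the client platform. The class name, the check_password callback and the 900-second timeout are assumptions; the returned ID plays the role of the header's IdNumber.

```python
import secrets
import time


class SessionRegistry:
    """Server-side session table: login issues an ID, later calls present it."""

    def __init__(self, idle_timeout=900, clock=time.monotonic):
        self.idle_timeout = idle_timeout  # seconds of inactivity allowed (assumed value)
        self.clock = clock                # injectable so expiry can be tested
        self.sessions = {}                # session_id -> [user, last_seen]
        self.log = []                     # (event, user) audit trail

    def login(self, user, password, check_password):
        # check_password is a hypothetical callback that verifies credentials
        if not check_password(user, password):
            self.log.append(("login_failed", user))
            return None
        sid = secrets.token_urlsafe(32)   # 256 bits from the OS CSPRNG, not guessable
        self.sessions[sid] = [user, self.clock()]
        self.log.append(("login", user))
        return sid

    def validate(self, sid):
        """Return the user for a live session, else None; refreshes the idle timer."""
        self._expire()
        entry = self.sessions.get(sid)
        if entry is None:
            return None
        entry[1] = self.clock()
        return entry[0]

    def logoff(self, sid):
        entry = self.sessions.pop(sid, None)
        if entry:
            self.log.append(("logoff", entry[0]))

    def active_users(self):
        """Users with at least one unexpired session."""
        self._expire()
        return sorted({user for user, _ in self.sessions.values()})

    def _expire(self):
        # Drop sessions idle for longer than the timeout and log the disconnect
        now = self.clock()
        for sid, (user, seen) in list(self.sessions.items()):
            if now - seen > self.idle_timeout:
                del self.sessions[sid]
                self.log.append(("timeout", user))
```

Every data-access method on the server would call validate() with the ID from the request header before touching the database.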