Delphi - Datasnap authentication via AJAX

Asked

Viewed 656 times

0

I am now starting to use authentication in Datasnap.
I am trying to access the methods via AJAX and is returning error 401 - Unauthorized.

My request is as follows:

$.ajax({
        username: login,
        password: pass,
        async : false,
        cache: "false",
        dataType: 'json',
        type: 'get',
        url: url,
        success: function(data){...}

I did it following this question, where the only difference is that I’m not using jsonp.

When accessed by browser, a box is displayed for entering the user and password, when I enter the credentials allows me to continue.

Does anyone know how to solve?



EDIT 1

I have also tried to make the request using:

beforeSend: function (xhr) {
     xhr.setRequestHeader('Authorization', makeBaseAuth(login, pass));
    }

In place of username and password.

  • Which Datasnap you are using and how you created the Datasnap project to start working as Webservice, was from the Datasnap REST or Datasnap Server?

  • @Jeffersonrudolf I’m using Delphi XE7, it was created as Datasnao REST, and I marked the Authentication option when creating it. I have already introduced the Onauthentication method and the Userroles. Testing in the browser or Serverfunctioninvoker works perfectly.

  • In your Datasnap you already have the get function ready?... because to access the functions of Datasnap has a nomenclature, for example: IP:port/datasnap/Rest/Tservermethods1/method of your function in the datasnap, because when you fill user and password and enter, you will require this function to be able to validate, otherwise it will give problem with communication.

  • @Jeffersonrudolf Yes, as I said in the question, if testing the URL directly from the browser works normally. I have other Datasnaps that work with AJAX normally, but do not use authentication

  • You pass the user and password to the Datasnap and want the same authentication and return if everything went all right?... If that is so, you will start working with headers that are the headers, you send user and password so Datasnap can authenticate. You use some application to be able to do the requisition tests, if you do not use, I suggest you use Postman which is very good for testing.

  • @Jeffersonrudolf I edited the question by adding an example of something else I tried.

Show 1 more comment

1 answer

0

Try this way in class ServerMethodsUnit1 which is created together when you create the Datasnap REST add in class uses Web.HTTPApp. In the function that is requested when you pass the user and password, you must grab the user and the password that comes from the Header, then you must implement it as follows to get this information.

var
  oWebModule: TWebModule;
  sBody: String;
begin
  oWebModule := GetDataSnapWebModule;
  sBody := oWebModule.Request.Content;
end;

So you can catch the Header sent to the Datasnap, how are you working with REST by default the Lyfecycle his is Invocation, At each execution of a servermethod an instance of the class will be created and then destroyed.
This way you can not work with session, only if you create the project from the Datasnap Server, but the same does not have Webbroker to be able to catch the Header sent to Datasnap.

  • I don’t understand why I took the Header in class ServerMethodsUnit1 . I’m already checking the credentials sent on WebModule in the method OnAuthentication where the UserRoles and assign access to methods in the class ServerMethodsUnit1 for his sake.

  • The onAuthentication event is good to use when controlling the Webservice session, which functions it may have authorization to access, but if you just want to authenticate and see if the user is right. I’ll give you two links as an example. https://edn.embarcadero.com/br/article/41267 http://docwiki.embarcadero.com/RADStudio/Seattle/en/Authentication_and_Authorization

  • I used these links as an example to build this application. It’s exactly the same way. What I didn’t understand in your answer is what else you have after this code and what is the function GetDataSnapWebModule

  • It is used to catch the Header, which would be the user and password, but cannot control the authorizations of the function.

  • @henriqueromao, is a native function of Datasnap, I forgot to mention that you must declare in uses Datasnap.Dshttpwebbroker in order to use the function.

Browser other questions tagged

You are not signed in. Login or sign up in order to post.