Re: [twsocket] HttpServer and password...
Hi, > I just checked in a change that removes these lines, so THttpServer... I commented out the lines, here, and it works. Thanks. Ciao, Mark -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] HttpServer and password...
zayin wrote: > Hi, > > I was finally able to get back to the password failing when it is > empty. (which is OK) > > The lines in the source code that prevent the '' password appear to > be: > > unit OverbyteIcsHttpSrv; > > function THttpConnection.AuthDigestCheckPassword(const Password: > String): Boolean; > ... > >if Password = '' then begin >Result := FALSE; >Exit; >end; > > > > A 401 is returned. I just checked in a change that removes these lines, so THttpServer should work with empty digest passwords, similar THttpCli changes have to wait until there's more time but it's on the radar now, thanks for reporting. http://wiki.overbyte.be/wiki/index.php/ICS_Download Available with SVN now or included in next daily snapshot ZIP. -- Arno Garrels -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] HttpServer and password...
Empty password should be usable indeed. -- francois.pie...@overbyte.be http://www.overbyte.be - Original Message - From: "Arno Garrels" To: "ICS support mailing" Sent: Wednesday, June 15, 2011 6:56 PM Subject: Re: [twsocket] HttpServer and password... Francois PIETTE wrote: A 401 is returned. What am I missing? As I told you in my previous message, you missed that password (passed as var to the event handler) is initialized to #0 which is NOT an empty string. I also do not understand why that has something to do with the fact that both THttpCli and THttpServer require a non-empty password string to handle authentication, one snipped from THttpCli: {code} if (FStatusCode = 401) and (FDoAuthor.Count > 0) and {$IFDEF UseNTLMAuthentication} (FAuthNTLMState = ntlmNone) and {$ENDIF} {$IFDEF UseDigestAuthentication} (FAuthDigestState = digestNone) and {$ENDIF} (FCurrUserName <> '') and (FCurrPassword <> '') then begin { We can handle authorization } {code} I think that is a bug, though empty passwords are rarely used. -- Arno Garrels -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] HttpServer and password...
Francois PIETTE wrote: >> A 401 is returned. >> >> What am I missing? > > As I told you in my previous message, you missed that password > (passed as var to the event handler) is initialized to #0 which is > NOT an empty string. I also do not understand why that has something to do with the fact that both THttpCli and THttpServer require a non-empty password string to handle authentication, one snipped from THttpCli: {code} if (FStatusCode = 401) and (FDoAuthor.Count > 0) and {$IFDEF UseNTLMAuthentication} (FAuthNTLMState = ntlmNone) and {$ENDIF} {$IFDEF UseDigestAuthentication} (FAuthDigestState = digestNone) and {$ENDIF} (FCurrUserName <> '') and (FCurrPassword <> '') then begin { We can handle authorization } {code} I think that is a bug, though empty passwords are rarely used. -- Arno Garrels -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] HttpServer and password...
Hello, >As I told you in my previous message, you missed that password (passed as > var to the event handler) is initialized to #0 which is NOT an empty string. No, I am using what I said: Password:=''; And you said "This is the proper way." Mark -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] HttpServer and password...
I was finally able to get back to the password failing when it is empty. (which is OK) The lines in the source code that prevent the '' password appear to be: unit OverbyteIcsHttpSrv; function THttpConnection.AuthDigestCheckPassword(const Password: String): Boolean; ... if Password = '' then begin Result := FALSE; Exit; end; A 401 is returned. What am I missing? As I told you in my previous message, you missed that password (passed as var to the event handler) is initialized to #0 which is NOT an empty string. -- francois.pie...@overbyte.be The author of the freeware multi-tier middleware MidWare The author of the freeware Internet Component Suite (ICS) http://www.overbyte.be -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] HttpServer and password...
zayin wrote: > Hi, > > I was finally able to get back to the password failing when it is > empty. (which is OK) > > The lines in the source code that prevent the '' password appear to > be: > > unit OverbyteIcsHttpSrv; > > function THttpConnection.AuthDigestCheckPassword(const Password: > String): Boolean; > ... > >if Password = '' then begin >Result := FALSE; >Exit; >end; > > > > A 401 is returned. > > What am I missing? Nothing. These lines are there since THttpCli also requires a non-empty password before it starts authentication, which most likely has to be fixed as well. IMO it is save to remove these lines. Changing the behaviour in THttpCli is more work. -- Arno garrels -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] HttpServer and password...
Hi, I was finally able to get back to the password failing when it is empty. (which is OK) The lines in the source code that prevent the '' password appear to be: unit OverbyteIcsHttpSrv; function THttpConnection.AuthDigestCheckPassword(const Password: String): Boolean; ... if Password = '' then begin Result := FALSE; Exit; end; A 401 is returned. What am I missing? Thanks, Mark -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] HttpServer and password...
The password field is blank in OnAuthGetPassword. I do not change the 'Password'. It is #0. You should probably change Password to the empty string. #0 is /not/ the empty string. This has been designed so that you can use an empty password which is different than not changing Password var parameter ! During testing I set the var Password to '' and had the same result. Password:=''; Is there some other way I should do it? This is the proper way. Please use the debugger to see what happend to your password. You'll quickly see the test and see the reply prepared by the component to send to the client browser. -- francois.pie...@overbyte.be The author of the freeware multi-tier middleware MidWare The author of the freeware Internet Component Suite (ICS) http://www.overbyte.be -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] HttpServer and password...
Hello, >> The password field is blank in OnAuthGetPassword. I do not change the >> 'Password'. It is #0. >You should probably change Password to the empty string. #0 is /not/ the >empty string. This has been designed so that you can use an empty password >which is different than not changing Password var parameter ! During testing I set the var Password to '' and had the same result. Password:=''; Is there some other way I should do it? Thanks, Mark -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] HttpServer and password...
The password field is blank in OnAuthGetPassword. I do not change the 'Password'. It is #0. You should probably change Password to the empty string. #0 is /not/ the empty string. This has been designed so that you can use an empty password which is different than not changing Password var parameter ! btw: When you have this kind of problem, I suggest you use Delphi debugger to see what happend when you return from the event handler. Just be sure to add VC32 in the search path so that Delphi find the component source and is able to single step in it. -- francois.pie...@overbyte.be The author of the freeware multi-tier middleware MidWare The author of the freeware Internet Component Suite (ICS) http://www.overbyte.be - Original Message - From: "zayin" To: Cc: Sent: Sunday, June 05, 2011 5:51 PM Subject: [twsocket] HttpServer and password... Hello, HttpServer version 7.29. I set the server to: HttpServer.AuthTypes:=[atBasic,atDigest] The user tries to logon and enters his name. For this user he does not have a password and that is OK with me. The browser is using digest mode. The password field is blank in OnAuthGetPassword. I do not change the 'Password'. It is #0. But the logon fails. OnAuthResult has false in success. What am I doing wrong? Must the user have a password? Thanks, Mark -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
[twsocket] HttpServer and password...
Hello, HttpServer version 7.29. I set the server to: HttpServer.AuthTypes:=[atBasic,atDigest] The user tries to logon and enters his name. For this user he does not have a password and that is OK with me. The browser is using digest mode. The password field is blank in OnAuthGetPassword. I do not change the 'Password'. It is #0. But the logon fails. OnAuthResult has false in success. What am I doing wrong? Must the user have a password? Thanks, Mark -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be