[SOLVED] HTTP Authentication

[pcurtis]

I am using Synapse and would like a simple example of how to authenticate / login to a web server. I know I need headers but I don't know how to prepare them.

For example

URL http:\\www.abc.def
Username jbloggs
Password somesecret

Thanks in advance.

[Leledumbo]

Authentication is not a one answer topic. There are various authentication methods that have been invented and implemented. If you're trying to act as a client to some existing website that's not yours, read first what method they support. It could range from just a basic auth to a 3-legged OAuth v2.0.

Otherwise, I'm not using Synapse, but here is a simple client/server example of basic auth.

Server:

Code: Pascal  [Select][+][-]

1. {$mode objfpc}
2.  
3. uses
4.   classes,
5.   fphttpapp,
6.   httpdefs,
7.   httproute,
8.   base64;
9.  
10. procedure Whatever(ARequest: TRequest; AResponse: TResponse);
11. var
12.   LAuth: String;
13. begin
14.   LAuth := ARequest.Authorization;
15.   if (Copy(LAuth,1,5) <> 'Basic') or (DecodeStringBase64(Copy(LAuth,7,Length(LAuth) - 7 + 1)) <> 'jbloggs:somesecret') then begin
16.     AResponse.Code := 401;
17.     Exit;
18.   end;
19.  
20.   AResponse.Content := 'This is my precious content';
21. end;
22.  
23. begin
24.   HTTPRouter.RegisterRoute('/accessmethroughbasicauth',@Whatever);
25.   Application.Port := 9000;
26.   Application.Initialize;
27.   Application.Run;
28. end.
29.  

Client:

Code: Pascal  [Select][+][-]

1. uses
2.   fphttpclient;
3.  
4. begin
5.   WriteLn(TFPHTTPClient.SimpleGet('http://jbloggs:somesecret@localhost:9000/accessmethroughbasicauth'));
6. end.
7.  

Or you can use any of these cURL commands:

Code: [Select]

$ curl 'jbloggs:somesecret@localhost:9000/accessmethroughbasicauth'
$ curl -u 'jbloggs:somesecret' 'localhost:9000/accessmethroughbasicauth'


[pcurtis]

I have tried that method before and it didn't work.

For example how would I login to this site?

[Thaddy]

There are two things wrong.
You should not try http://
But https://
For that you need a server certificate but these are free from e.g. https://letsencrypt.org
Authentication for http is not recommended. (Basically: does not exist!!!!)

You are a beginner, start from the right place.

Then again, provided you use httpS, leledumbo's example should work.

[pcurtis]

Is it possible to login to this site using rhat method?

[circular]

You are a beginner, start from the right place.

That was unnecessary.

Is it possible to login to this site using rhat method?

Which site are you trying to log on?

[Thaddy]

You can always test against https://example.com
It it there for that purpose.

[rvk]

There are lots of authentication methods.
So we indeed need to know the site you are trying to login to.
(Or you need to specify exactly what authentication method is used)

[Thaddy]

There are rules. Follow my  link Rik.

[pcurtis]

Try this site. https://forum.lazarus.freepascal.org

How can I discover what method is required?

[rvk]

There are rules. Follow my  link Rik.

You REALLY think following that link will help TS with his question from the opening post?
(please read that one again)

This wasn't about https versus http but about authentication itself (of which there are many variants).

[rvk]

Try this site. https://forum.lazarus.freepascal.org
How can I discover what method is required?

This site doesn't use HTTP authentication via headers.

You can logout and go back to the login page and look at the source.
You see that posting password and username (sometimes along with some session id) will let you login to the site.
Cookies are set and the site knows you are logged-in.

So if you need to login to this site from code you can follow the same path (posting to the login-form page and saving the cookies).

You can follow the examples here.
https://forum.lazarus.freepascal.org/index.php?topic=28008.0

[pcurtis]

How do web browsers login to different sites and differentiate between authentication methods?

[rvk]

How do web browsers login to different sites and differentiate between authentication methods?

Webbrowser follow instruction in code (html).
So for this site, it is a login form and cookies.
For Google sites it is OAuth2.
For other sites it could be a authentication via headers.
For example see https://en.m.wikipedia.org/wiki/Basic_access_authentication
Of that there are again multiple versions.

If you pick the wrong one as client, login won't work.

So, look in the html of the login site to see if you can spot the method.
(Header authentication is seldom used for forum sites.)

[pcurtis]

Thanks. Any idea on how to do it for a vBulletin based site?