“READ Bearer in ISAPI DELPHI” 可以翻译为 “在 ISAPI DELPHI 中读取 Bearer”。

huangapple go评论79阅读模式
英文:

READ Bearer in ISAPI DELPHI

问题

I understand that you're looking for assistance with reading the Authorization header in your Delphi 10.2 ISAPI DLL project. To read the Authorization header, you can use the following code in your TWebModule1.WebModuleBeforeDispatch:

procedure TWebModule1.WebModuleBeforeDispatch(Sender: TObject; Request: TWebRequest;
  Response: TWebResponse; var Handled: Boolean);
var
  AuthHeader: string;
begin
  AuthHeader := Request.Authorization;
  
  // You can now use the AuthHeader variable to access the Authorization header value.
  // Add your code here to handle the Authorization header as needed.
  
end;

This code snippet will retrieve the Authorization header value from the incoming HTTP request, allowing you to process it accordingly.

英文:

I have ISAPI DLL project in Delphi 10.2, i need to ***read ***all header items, exactly the Authorization Bearer to accept or not the POST request.
With exe DatasnapBroker, this is a success with this code

FServer := TIdHTTPWebBrokerBridge.Create(Self);
  FServer.OnParseAuthentication := OnDoParseAuthentication;

and in the function OnDoParseAuthentication

procedure  TForm1.OnDoParseAuthentication(AContext: TIdContext; const AAuthType,
  AAuthData: String; var VUsername, VPassword: String; var VHandled: Boolean);


  function DoParseAuthentication(ASender: TIdContext; const AAuthType,
    AAuthData: String; var VUsername, VPassword: String): Boolean;
  var
    s,__BaseName, __GuidBase: String;
  begin
    Result := False;
    if TextIsSame(AAuthType, 'Basic') then begin
      with TIdDecoderMIME.Create do try
        s := DecodeString(AAuthData);
      finally Free; end;
      VUsername := Fetch(s, ':');
      VPassword := s;
      Result := True;
    end
    else if TextIsSame(AAuthType, 'Bearer') then
    begin
       with TIdDecoderMIME.Create do try
        s := DecodeString(AAuthData);
      finally Free; end;
      //decrypt jwt or oauth2.0 in my Tjwt.Decodejwt_Bearer class
      //for header / payload-data / signature
      //sur ISAPI uniquement ici, sur exe lors du create
      if Tjwt.Decodejwt_Bearer(AAuthData,__BaseName, __GuidBase) then
      begin
        //verifier et valider 
        Result := True;
      end;
    end;
  end;
begin
  VHandled := DoParseAuthentication(AContext, AAuthType, AAuthData, VUsername, VPassword);
end;

But, I don't know how to read the authorization, I always have empty in request.Authorization in TWebModule1.WebModuleBeforeDispatch

if i have in my header :
Accept-Encoding: gzip,deflate
Content-Type: application/json
Host: localhost:811
User-Agent: Apache-HttpClient/4.1.1 (java 1.5)
Content-Length: 396
Authorization: **Basic **VEVDSF......cCNG

  • it's ok, request.Authorization = Basic ....

But if i write
Authorization: Bearer eyJhbGciOiJS....Im

  • it's KO, request.Authorization = ''

答案1

得分: 1

TWebModuleRequest属性在ISAPI Web应用程序中是Web.Win.IsapiHTTPTISAPIRequest类的实例。它通过EXTENSION_CONTROL_BLOCK结构的GetServerVariable函数实现了读取Authorization属性的值。获取器最终在TISAPIRequest.GetFieldByNameA方法中结束,该方法只能从单个HTTP标头读取最多4095字节的数据。这将使得Bearer令牌的最大长度为4088字节,减去'Bearer '前缀的大小。

要解决TISAPIRequest的这一限制,您可以实现自己的扩展方法来读取请求数据:

uses
  Winapi.Windows, Web.Win.IsapiHTTP;

type
  TISAPIRequestHelper = class helper for TISAPIRequest
  public
    function GetServerVariable(const Name: UTF8String): UTF8String;
  end;

function TISAPIRequestHelper.GetServerVariable(const Name: UTF8String): UTF8String;
var
  Size: DWORD;
begin
  // 计算大小
  Size := 0;
  ECB.GetServerVariable(ECB.ConnID, PUTF8Char(Name), nil, Size);
  if Size <= 1 then
  begin
    Result := '';
    Exit;
  end;
  // 获取实际变量值
  SetLength(Result, Size - 1);
  if not ECB.GetServerVariable(ECB.ConnID, PUTF8Char(Name), PUTF8Char(Result), Size) then
    Result := '';
end;

要访问Authorization标头,您可以这样调用:

string((Request as TISAPIRequest).GetServerVariable('HTTP_AUTHORIZATION'));
英文:

The value of Request property of TWebModule in an ISAPI web application is an instance of TISAPIRequest class from Web.Win.IsapiHTTP. It implements reading the value of Authorization property via GetServerVariable function of EXTENSION_CONTROL_BLOCK structure. The getter ends up in TISAPIRequest.GetFieldByNameA method, which is only able to read up to 4095 bytes of data from single HTTP header. This limits the bearer token to 4088 bytes after you subtract the size of &#39;Bearer &#39; prefix from it.

To workaround this limitation of TISAPIRequest you can implement your own extension method for reading request data:

uses
  Winapi.Windows, Web.Win.IsapiHTTP;

type
  TISAPIRequestHelper = class helper for TISAPIRequest
  public
    function GetServerVariable(const Name: UTF8String): UTF8String;
  end;

function TISAPIRequestHelper.GetServerVariable(const Name: UTF8String): UTF8String;
var
  Size: DWORD;
begin
  // calculate size
  Size := 0;
  ECB.GetServerVariable(ECB.ConnID, PUTF8Char(Name), nil, Size);
  if Size &lt;= 1 then
  begin
    Result := &#39;&#39;;
    Exit;
  end;
  // get the actual variable value
  SetLength(Result, Size - 1);
  if not ECB.GetServerVariable(ECB.ConnID, PUTF8Char(Name), PUTF8Char(Result), Size) then
    Result := &#39;&#39;;
end;

To access the Authorization header you would then call:

string((Request as TISAPIRequest).GetServerVariable(&#39;HTTP_AUTHORIZATION&#39;));

huangapple
  • 本文由 发表于 2023年6月29日 16:31:00
  • 转载请务必保留本文链接:https://go.coder-hub.com/76579334.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定