READ Bearer in ISAPI DELPHI

Question

I understand that you're looking for assistance with reading the Authorization header in your Delphi 10.2 ISAPI DLL project. To read the Authorization header, you can use the following code in your TWebModule1.WebModuleBeforeDispatch:

procedure TWebModule1.WebModuleBeforeDispatch(Sender: TObject; Request: TWebRequest;
  Response: TWebResponse; var Handled: Boolean);
var
  AuthHeader: string;
begin
  AuthHeader := Request.Authorization;
  
  // You can now use the AuthHeader variable to access the Authorization header value.
  // Add your code here to handle the Authorization header as needed.
  
end;

This code snippet will retrieve the Authorization header value from the incoming HTTP request, allowing you to process it accordingly.

English:

I have an ISAPI DLL project in Delphi 10.2. I need to read all header items, exactly the Authorization Bearer, to accept or not the POST request.
With exe DatasnapBroker, this is a success with this code:

FServer := TIdHTTPWebBrokerBridge.Create(Self);
  FServer.OnParseAuthentication := OnDoParseAuthentication;

and in the function OnDoParseAuthentication

procedure  TForm1.OnDoParseAuthentication(AContext: TIdContext; const AAuthType,
  AAuthData: String; var VUsername, VPassword: String; var VHandled: Boolean);


  function DoParseAuthentication(ASender: TIdContext; const AAuthType,
    AAuthData: String; var VUsername, VPassword: String): Boolean;
  var
    s,__BaseName, __GuidBase: String;
  begin
    Result := False;
    if TextIsSame(AAuthType, 'Basic') then begin
      with TIdDecoderMIME.Create do try
        s := DecodeString(AAuthData);
      finally Free; end;
      VUsername := Fetch(s, ':');
      VPassword := s;
      Result := True;
    end
    else if TextIsSame(AAuthType, 'Bearer') then
    begin
       with TIdDecoderMIME.Create do try
        s := DecodeString(AAuthData);
      finally Free; end;
      //decrypt jwt or oauth2.0 in my Tjwt.Decodejwt_Bearer class
      //for header / payload-data / signature
      //on ISAPI only here, on exe at create time
      if Tjwt.Decodejwt_Bearer(AAuthData,__BaseName, __GuidBase) then
      begin
        //verify and validate
        Result := True;
      end;
    end;
  end;
begin
  VHandled := DoParseAuthentication(AContext, AAuthType, AAuthData, VUsername, VPassword);
end;

But I don't know how to read the authorization; I always have empty in request.Authorization in TWebModule1.WebModuleBeforeDispatch.

If I have in my header:
Accept-Encoding: gzip,deflate
Content-Type: application/json
Host: localhost:811
User-Agent: Apache-HttpClient/4.1.1 (java 1.5)
Content-Length: 396
Authorization: Basic VEVDSF......cCNG

  • it's ok, request.Authorization = Basic ....

But if I write
Authorization: Bearer eyJhbGciOiJS....Im

  • it's KO, request.Authorization = ''

Answer 1

Score: 1

The value of the Request property of TWebModule in an ISAPI web application is an instance of the TISAPIRequest class from Web.Win.IsapiHTTP. It implements reading the value of the Authorization property via the GetServerVariable function of the EXTENSION_CONTROL_BLOCK structure. The getter ends up in the TISAPIRequest.GetFieldByNameA method, which is only able to read up to 4095 bytes of data from a single HTTP header. This limits the bearer token to 4088 bytes after you subtract the size of the 'Bearer ' prefix from it.

To work around this limitation of TISAPIRequest you can implement your own extension method for reading request data:

uses
  Winapi.Windows, Web.Win.IsapiHTTP;

type
  TISAPIRequestHelper = class helper for TISAPIRequest
  public
    function GetServerVariable(const Name: UTF8String): UTF8String;
  end;

function TISAPIRequestHelper.GetServerVariable(const Name: UTF8String): UTF8String;
var
  Size: DWORD;
begin
  // calculate size
  Size := 0;
  ECB.GetServerVariable(ECB.ConnID, PUTF8Char(Name), nil, Size);
  if Size <= 1 then
  begin
    Result := '';
    Exit;
  end;
  // get the actual variable value
  SetLength(Result, Size - 1);
  if not ECB.GetServerVariable(ECB.ConnID, PUTF8Char(Name), PUTF8Char(Result), Size) then
    Result := '';
end;

To access the Authorization header you would then call:

string((Request as TISAPIRequest).GetServerVariable('HTTP_AUTHORIZATION'));
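
Once the raw header value has been read, the scheme and the token still have to be separated and sanity-checked before the token is handed to JWT verification. The console program below is an added example, not code from the question or the answer: TryExtractBearerToken, MaxTokenLen and the sample header values are constructed for illustration, and it assumes the bearer token is a signed JWT in compact form (three base64url segments). It checks structure only; signature and claim validation stay in a routine such as the question's Tjwt.Decodejwt_Bearer.

```delphi
program BearerHeaderDemo;
{$APPTYPE CONSOLE}
uses System.SysUtils;

const MaxTokenLen = 8192; // assumed upper bound, tune to your token issuer

// Accepts an Authorization header value only when the scheme is Bearer
// and the credentials have the shape of a compact signed JWT.
function TryExtractBearerToken(const HeaderValue: string; out Token: string): Boolean;
var
  Value: string;
  SpacePos, I, Dots: Integer;
begin
  Result := False;
  Token := '';
  Value := Trim(HeaderValue);
  SpacePos := Pos(' ', Value);
  // The scheme name is compared case-insensitively ('Bearer', 'bearer', ...)
  if (SpacePos = 0) or not SameText(Copy(Value, 1, SpacePos - 1), 'Bearer') then
    Exit;
  Value := Trim(Copy(Value, SpacePos + 1, MaxInt));
  if (Value = '') or (Length(Value) > MaxTokenLen) then
    Exit;
  // Three non-empty base64url segments separated by exactly two dots
  Dots := 0;
  for I := 1 to Length(Value) do
    if Value[I] = '.' then
    begin
      if (I = 1) or (I = Length(Value)) or (Value[I - 1] = '.') then
        Exit;
      Inc(Dots);
    end
    else if not CharInSet(Value[I], ['A'..'Z', 'a'..'z', '0'..'9', '-', '_']) then
      Exit;
  if Dots <> 2 then
    Exit;
  Token := Value;
  Result := True;
end;

var
  T: string;
begin
  // Constructed sample values, not real tokens
  Writeln(TryExtractBearerToken('Bearer aaa.bbb.ccc', T));
  Writeln(TryExtractBearerToken('bearer  aaa.bbb.ccc ', T));
  Writeln(TryExtractBearerToken('Basic dXNlcjpwYXNz', T));
  Writeln(TryExtractBearerToken('Bearer aaa..ccc', T));
end.
```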
