1

I am working on a Datasnap server with multiple ServerMethods classes. These are then exposed via HTTP/S etc via TDSHTTPService as normal. I'm now trying to implement distinct authentication appropriate to each service area/context/realm. This appears as though it should be possible using the "Context" parameter in the Datasnap TDSAuthenticationManager OnUserAuthenticate event to vary the authentication check employed. However I'm running into problems:

What I've tried:

1) Changed the client side TSQLConnection.Driver.DatasnapContext from "datasnap" to "datasnaptest", and changed the corresponding server side TDSHTTPService.DSContext from "datasnap/" to "datasnaptest/". Attempting to connect succeeds but in the OnUserAuthenticate event the "Context" parameter is empty. Consequently I tried the following:

2) Changed the client side TSQLConnection.Driver.DatasnapContext from "datasnap" to e.g. "datasnap/test", and changed the corresponding server side TDSHTTPService.DSContext from "datasnap/" to "datasnap/test/". Attempting to then connect fails with 'HTTP/1.1 404 Expected datasnap context in request /datasnap/test/tunnel'.

3) Reverted the TSQLConnection.Driver.DatasnapContext and then changed the client side TSQLConnection.Driver.URLPath from "" to "test", and correspondingly changed the server side TDSHTTPService.DSContext to 'test/datasnap/'. Attepmting to then connect similarly fails with 'HTTP/1.1 404 Expected datasnap context in request /test/datasnap/tunnel.'

In short: How does one correctly manage different authentications (related to different/multiple server classes, and therefore exposed under different URLs/Realms from HTTP) in a Delphi 10 Seattle Datasnap server?

Futher background: We have several app servers and web services/interfaces (Webbroker/SOAP and old school datasnap) which we want to unify/modernize under the new style datasnap framework.

W.Prins
  • 1,286
  • 1
  • 14
  • 22

1 Answers1

0

It may be that you can't (or shouldn't) change the 'datasnap' context. It may be that the context parameter to the OnUserAuthenticate event handler wasn't meant to be used that way.

However:

It seems to me you can get along just fine without it by using Custom Attributes, and Authorized and Denied Roles.

Have a look at Bob Swart's tutorial videos (and whitepapers), specifically DataSnap in Action 2 - DataSnap Server Security This will get you on the right track insofar as authentication and authorization is concerned.

Freddie Bell
  • 2,186
  • 24
  • 43
  • Thanks for your attempt to help. To emphasize however, my key problem is that the context (changed or not) is not being passed to the OnUserAuthenticate() method. The value is always empty. This seems to me to be a bug. Why would you have the parameter if it isn't meant to be used? Then remember that different areas of the site correspond to different authentication realms/contexts, so without context you must resort to checking the user/pass checks against every possible realm/context in your site. Not desirable obviously. – W.Prins Mar 26 '16 at 20:16
  • If the context variable is empty (I don't check/use it in my own apps) then I'm thinking it's an incomplete implementation by EMBT and you should submit a bug report on Quality Portal. – Freddie Bell Mar 27 '16 at 05:39