2

I have a REST service built with Delphi XE7 and the MVC Framework (so no datasnap is being used). The frontend is build with angular, but thats not relevant for the topic.

Now I have the requirement to authorize the users via Kerberos authentication. When run from the same domain, the user should be logged inside the web application automatically - in that case its a single sign on-, and when called outside the domain, a username/password window should pop up where the user can logon with his windows credentials.

In .Net thats just 4 lines of code (actually its just settings that need to be set) but in delphi I struggle to perform this action. I searched a lot and found this Kerberos ticket with delphi where it says that I should implement the InitializeSecurityContext function from windows. I found couple other answers that point in that direction and some of them also say that I need to rebuild a the whole NTLM authentication bcz there is no such thing out of the box for delphi. But since I am not that familiar with the windows authentication protocol, I wanted to ask whether somebody has implemented a kerberos authentication with delphi and if there is some other way to achive what I need

Regards Semir

Dmitry Streblechenko
  • 62,942
  • 4
  • 53
  • 78
rimes
  • 761
  • 1
  • 8
  • 25
  • 1
    Generally most of the work for this is done in the web server and not in each web service/app. If you deploy the service on IIS and use its user authentication it should be a lot easier to accomplish. – Brian Oct 17 '18 at 19:36
  • I am not sure this would work likte this. I would still need something inside the code so I can access the authenticated user – rimes Oct 18 '18 at 15:36
  • Many Corporate internal systems that don't support SSO out of the box are placed behind a proxy _(Apache / NGinx)_ that handles Kerberos auth via standard SPNego, then replaces the HTTP header containing the auth token with another header just saying _"hey, that's John Doe, trust me"_ – Samson Scharfrichter Oct 18 '18 at 17:49
  • 1
    For IIS you can get that from [IIS Server Variables](https://msdn.microsoft.com/en-us/library/ms524602(v=vs.90).aspx). – Brian Oct 18 '18 at 18:48
  • Thank you for the answers. But that means that I need to change my application to a ISAPI? RERight now I have a self hosted ST Server, or can I somehow integrate my exe to run under iis? – rimes Oct 19 '18 at 11:08
  • You might want to broaden the audience of this question - it is not really Delphi specific. The implementation won't be any different in C++ – Dmitry Streblechenko Oct 19 '18 at 14:56
  • Hi, thank you for your responses. I managed to convert my app into an isapi, deploy it inside iis, read the session variables (domain/username) that where used to log in (windows credentials asked by the iis) and assign the propper authentication group inside my application. So its solved :) Not sure how I can set the question as done ... – rimes Oct 24 '18 at 05:58

0 Answers0