0

Our Delphi client application uses THTTPRIO to call a SOAP Service, protected by Windows Authentication (hosted on an internal IIS-server). The code to call the webservice worked fine since Delphi XE, until Delphi 10.3. In Delphi 10.3 and 10.3.1 this no longer works.

Since 10.3, the 401 that the server sends as part of the authentication process, is processed by THTTPRIO as final html response insted as invitation to send credentials, and thus raises an exception (SOAP expects content to be xml, not html).

In the Delphi 10.3 release notes, I read that the SOAP implementation has been changed, but I could not find any details.

I considered posting code, but actual post is part of Delphi's source code, and I am not sure if that is allowed.

This issue can be reproduced by calling any SOAP service, provided the uri is only accessible via Windows Authentication.

Anyone who knows how to call a SOAP service from Delpi 10.3 application using Windows Authentication?

Edit: The same SOAP test client application works when compiled with 10.2.3, and does not when compiled using 10.3. As the difference is Embarcadero moved from WinInet to WinHTTP for SOAP, it seems that Integrated Security was not implemented in Delphi's System.Net.HttpClient.Win.pas.

Anyone who has added this?

Ronald Ruijs
  • 67
  • 1
  • 11
  • Before 10.3, it rely on WinInet (or Indy if you use USE_INDY directive). Now, it rely on new Delphi THTTPClient and on windows it rely on WinHTTP. You can check Marco Blog http://blog.marcocantu.com/blog/2019-february-rad1031-http-soap-clients.html – Hugues Van Landeghem Apr 05 '19 at 13:55
  • you can also check this https://stackoverflow.com/questions/34360581/soap-message-add-authentication-in-http-header/54255906#54255906 – Hugues Van Landeghem Apr 05 '19 at 16:44
  • Checked both suggestions: one concerns basic authentication, one concerns certificates. Unfortunately, no Windows Integrated security. – Ronald Ruijs Apr 05 '19 at 20:32

2 Answers2

0

This turned out to be a winhttp issue, not a Delphi issue. Winhttp did not recognize my server as local intranet, and thus, did not send credentials after receiving a 401 response.

Of course, I first tried to get my W10 machine to recognize the server as local intranet, by calling url via hostname, not via fqdn. I did not succeed, I do not know why.

But, adding option WINHTTP_OPTION_AUTOLOGON_POLICY with value WINHTTP_AUTOLOGON_SECURITY_LEVEL_LOW did the trick.

Unfortunately, this option is not exposed by Delphi's TWinHTTPClient used by TSOAPClient, leaving me no other choice than using a modified version of Delphi source file System.Net.HttpClient.Win.pas.

Ronald Ruijs
  • 67
  • 1
  • 11
-1

The solution, Ronald found by setting WINHTTP_OPTION_AUTOLOGON_POLICY, is provided by Delphi itself since version 10.3.2.

You have to set "UseDefaultCredentials" of the HTTPWebNode (or directly HTTPWebNode.HTTP) to true to set this option.

Patching System.Net.HttpClient.Win.pas should no longer be necessary after updating to 10.3.2.

JavaTechnical
  • 8,846
  • 8
  • 61
  • 97
Ollie B Bommel
  • 1
  • 1