0

i already tried to find an answer here on nearly at any place at the web, but didn't find an answer that helped me out here - so i'm trying it here with this question:

i have to to get some information from a server in a domain, using https via indy components and the windows authentication. that's working quite fine (via IdHTTP1.Get(sURI)), the server logs are showing this (domain/user/request) and the response is always valid.

afterwards i try to post now some new values to the requested data, but this fails, since i get a "401" authenticaion error. BasicAuthentication=false, and HTTPOptions=[hoInProcessAuth,hoForceEncodeParams] via IdHTTP1.Post(sURI, Req_Json), where Req_Json is a UTF-8 encoded TStringStream. Now (and only when trying to POST) the IdHTTP1Authorization event is triggered twice, even if I do a handled=true there (read somewhere in a forum) it fails, if I do nothing there I get the same result: 401. There were some tips about the IdHTTP1SelectAuthorization event, but with that I had no luck, too.

Any ideas, where to start to get this solved? If there are any questions open, don't hesitate to ask!

p.s.: trying to post the same information via postman works correctly - so i guess it's about delphi/indy ...

ttkpi
  • 1
  • 1
  • Welcome to SO! Your question is interesting but the devil lies in the details that you don't show. Please edit your question and include your actual code. – Tom Brunberg Jul 01 '19 at 14:38
  • A 401 error means the server is asking for authentication. If you keep getting the same error, it means the server is not accepting the credentials you are sending. If your credentials work on a GET request (did you verify that the server is actually asking for authentication on GET?) but not on a POST request, then the server is likely not configured correctly, or your user account simply does not have permission to post. – Remy Lebeau Jul 01 '19 at 19:31
  • thanks for replying remy, but as stated: the postman POST request is successfully accepted, same credentials and same machine via the windows authentication. nevertheless i will take another look at the server. the more interesting issue is, that it seems that the server isn't asking for authentication on GET, since the event is not triggered - this only happens on POST. – ttkpi Jul 02 '19 at 04:05
  • thanks for answering tom, but i have no idea which part of the code could help out here. which part should i supply, to help others to understand this (very special) issue? – ttkpi Jul 02 '19 at 04:11
  • Then you are just going to have to compare the raw POST requests from Postman and Indy and see what is different between them. I don't know if postman has an option to output/capture the HTTP request before it is encrypted by SSL/TLS, but Indy does, by assigning a `TIdLog...` component to the `TIdHTTP.Intercept` property. Or look into using a debugging HTTPS proxy like Fiddler. – Remy Lebeau Jul 02 '19 at 22:53
  • thanks remy, i was afraid that i will have to dig deeper into this via wireshark or fiddler. it doesn't seem to be easy to get used to these tools fast, since i'm not quite familiar with both of them. in general a diagnosis, imho especially when talking about https, should better not lack of experience ;) – ttkpi Jul 03 '19 at 11:59
  • some new information because i was testing here: PUT works with both http and https, while POST only works when i use http? no other changes made ... and PUT should use authorization, too ... or am i wrong? – ttkpi Jul 03 '19 at 12:18

0 Answers0