How open a url with http authentication in Delphi?

Question

How open a url (a browser window) that need "http authentication" passing login and password in a transparent way? The legacy app in delphi need open a report in ".aspx" from Reporting Services.

Thanks, Celso

score 5 · Answer 1 · answered Oct 07 '11 at 14:04

5

Use the Indy TidHTTP component as it can easily handle the authentication requirements. Drop the component on the form and:

IdHTTP1.Request.UserName := 'xxx';
IdHTTP1.Request.Password := 'xxx';
IdHTTP1.Get(x);

I believe that works for whatever Indy version that you might have.

answered Oct 07 '11 at 14:04

Darian Miller

7,808
3
43
62

2

You can use Indy with Delphi 5. I do. – Darian Miller Oct 07 '11 at 15:03
1

There is a BasicAuthentication property (boolean) in IdHTTP too, which I would set to true to make the code more self-explaining – mjn Oct 07 '11 at 15:46
have a way to put TidHTTP in Delphi 5 without install "component", maybe using only generate the units? – celsowm Oct 07 '11 at 17:17
You don't necessarily need to install the visual components to use Indy as long as the source is in your project, or library path. You could also look at Synapse if you want an even lighter weight choice. – Darian Miller Oct 07 '11 at 17:31

score 4 · Answer 2 · answered Oct 07 '11 at 14:49

4

You can use WinHTTP, check the IWinHttpRequest.SetCredentials method

check this sample

uses
  Variants,
  SysUtils,
  WinHttp_TLB;


Const
  HTTPREQUEST_SETCREDENTIALS_FOR_SERVER = 0;
Var
  Http: IWinHttpRequest;
begin
  try
   Http := CoWinHttpRequest.Create;
   try
     Http.Open('GET', 'http://Foo.com/home', False);
     Http.SetCredentials('AUser','APassword', HTTPREQUEST_SETCREDENTIALS_FOR_SERVER);
     Http.Send(EmptyParam);

     //Do your stuff

   finally
     Http:=nil;
   end;
  except
    on E:Exception do
      Writeln(E.Classname, ': ', E.Message);
  end;
end.

answered Oct 07 '11 at 14:49

RRUZ

134,889
20
356
483

No, because WinHttp (Windows HTTP Services) is part of Windows. – RRUZ Oct 07 '11 at 19:24
this "http.open" literally will open a browser? because i need this – celsowm Oct 07 '11 at 19:48
No, this component is for retrieve the content of a web page or download a http resource. – RRUZ Oct 07 '11 at 19:55

score 1 · Answer 3 · answered Oct 07 '11 at 13:38

1

you can just have an URL with the username and password in it if that is acceptable.

http://username:password@www.mysite.com/page.aspx

answered Oct 07 '11 at 13:38

StefanE

7,578
10
48
75

firefox cool (despite warnings that it does)...but in ie does not works – celsowm Oct 07 '11 at 13:48
1

By default IE does not support it. Have a look here how it can be changed: http://support.microsoft.com/kb/834489 – StefanE Oct 07 '11 at 13:51
I would not recommend sending your password as plain text in a URL. – Jerry Gagnon Oct 07 '11 at 14:12
This is not in the HTTP RFC standard either, more something "exotic" – mjn Oct 07 '11 at 15:44
1

@mjn: no, it is not in the HTTP spec, because the "http" URL scheme is not actually part of HTTP itself. The general format of a URL is defined separately in RFC 3986 instead, which does define the use of username and password in URLs (see section 3.2). Anyone who parses an "http" URL (ie a webbrowser or other HTTP client) is supposed to separate the URL into its individual components and then send an HTTP request with a proper 'Authorization' header. – Remy Lebeau Oct 07 '11 at 17:42
@Remy the HTTP 1.1 spec http://tools.ietf.org/html/rfc2616#section-3.2.2 defines the http URL as `http_URL = "http:" "//" host [ ":" port ] [ abs_path [ "?" query ]]` - so I am confused now :) – mjn Oct 07 '11 at 20:29
@mjn: I did not see the URL definition in RFC 2616 before. Looking at it, I see that RFC 2616 section 3.2.1 say: _For definitive information on URL syntax and semantics, see "Uniform Resource Identifiers (URI): Generic Syntax and Semantics," RFC 2396 (which replaces RFCs 1738 and RFC 1808). This specification adopts the definitions of ... "authority" from that specification._ The `authority` component defined in RFC 2396 (replaced by RFC 3986) section 3.2 allows for a `userinfo` component. That is where a "user:pass" pair would be used. The definition in RFC 2616 section 3.2.2 is incomplete. – Remy Lebeau Oct 07 '11 at 22:49
@mjn: ... I have seen plenty of working uses of HTTP URLs that conform to the RFC 2396/3986 definition to allow the `userinfo` component. The RFC 2616 definition does not allow the `userinfo` component, but it also does not really the follow the RFC 2396/3986 definition, which is generic and more commonly used. – Remy Lebeau Oct 07 '11 at 22:53
@Remy thank you for clarifying! It looks like the German Wikipedia entry about [http://de.wikipedia.org/wiki/URL](URL) is wrong: an example of a http URL with user/pass warns that this is not a valid URL, and links to http://tools.ietf.org/html/rfc2616#section-3.2.2 as a reference. In the English Wikipedia, this warning is missing. – mjn Oct 08 '11 at 07:53
He asked a question and I gave an answer with the "if acceptable" to solve his problem. Would have been pointless to tell him to re-code his legacy code and create a secure WebService etc etc. He asked how he open a link that need authorization in a transparent way rather than secure – StefanE Oct 10 '11 at 08:58

How open a url with http authentication in Delphi?

3 Answers3