Thread: Authentication - Execution order




Replies: 4 - Last Post: May 15, 2017 1:49 PM - Last Post By: Alexandre Machado
Thomas Waldorff

Posts: 8
Registered: 1/19/03
Authentication - Execution order  
  Posted: May 8, 2017 4:32 AM
I'm using Delphi XE8 C/S with Intraweb Ultimate 14.1.13

I fail to understand the execution order with respect to login/authentication.
I'm using the TIWAutherEvent as in the Demo "Authentication" (not "Authentication2")

Using the Demo as a playground I have found: if the user is first time around (not cached), there is no user presented in the form's IWLabel2.Caption, as authentication is not executed until after IWAppFormCreate.
If the user is cached, he/she is shown.

I would like the login to be executed prior to IWAppFormCreate.

Then there is the ServerController property AuthenticateBeforeNewSession, which by name would seem to do the trick, but Delphi crashes with Access Violation if it is checked.

Any suggestions?
Thomas
Alexandre Machado

Posts: 1,547
Registered: 8/10/13
Re: Authentication - Execution order  
  Posted: May 12, 2017 4:45 PM   in response to: Thomas Waldorff
Thomas Waldorff wrote:
I'm using Delphi XE8 C/S with Intraweb Ultimate 14.1.13

I fail to understand the execution order with respect to login/authentication.
I'm using the TIWAutherEvent as in the Demo "Authentication" (not "Authentication2")

Using the Demo as a playground I have found: if the user is first time around (not cached), there is no user presented in the form's IWLabel2.Caption, as authentication is not executed until after IWAppFormCreate.
If the user is cached, he/she is shown.

I would like the login to be executed prior to IWAppFormCreate.

Then there is the ServerController property AuthenticateBeforeNewSession, which by name would seem to do the trick, but Delphi crashes with Access Violation if it is checked.

Any suggestions?
Thomas

Hi Thomas,

Sorry about the late response. Somehow I missed your question here...

Let me check that example and see why it is raising an AV in that circumstance. I'll get back to you on this ASAP.
Alexandre Machado

Posts: 1,547
Registered: 8/10/13
Re: Authentication - Execution order  
  Posted: May 12, 2017 4:58 PM   in response to: Thomas Waldorff
Hi Thomas,

Actually, if you set ServerController.AuthBeforeNewSession := True it will work.

However, you have to change the code that is supposed to validate the user. In my original example we have:


function TIWServerController.IWAutherEvent1Check(const aUser,
  aPass: string): Boolean;
begin
  Result := TIWUserSession(WebApplication.Data).CheckUser(aUser, aPass)
end;
 


because I'm using a method declared inside TIWUserSession to validate my username/password pair. When you set AuthBeforeNewSession to True, you will have a nil WebApplication instance (because the session hasn't been created yet). So you can't use the same code in this case. Please use this, just as an example:


function TIWServerController.IWAutherEvent1Check(const aUser,
  aPass: string): Boolean;
begin
  Result := aUser = aPass;
end;
 


Of course, in a real world scenario you should have a method in your server controller (or other class) that should handle the validation against data in your database.

Please let me know if it worked.

Kind regards
Thomas Waldorff

Posts: 8
Registered: 1/19/03
Re: Authentication - Execution order  
  Posted: May 15, 2017 10:32 AM   in response to: Alexandre Machado
Hi Alexandre

Thanks for your response. I have got it to work for me.

Your explanation is indeed logical. I had however not grasped that you are allowed to do things like database operations from the server controller.

br
Thomas
Alexandre Machado

Posts: 1,547
Registered: 8/10/13
Re: Authentication - Execution order  
  Posted: May 15, 2017 1:49 PM   in response to: Thomas Waldorff
are allowed to do things like database operations from the server controller.

Yes, you are, although I personally find it less than ideal. You can also use a connection from a connection pool:
- Get a connection from the pool
- Use it to validate your user data
- Release the db connection to the pool in case validation fails. In case validation succeeds you can use this connection during the user session

Kind regards
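
The pool steps in the last reply, modeled as an added example that is not part of the thread and is not IntraWeb or Delphi code: a Python sketch in which the credential check runs before any session exists, returns the connection to the pool when a login fails, and hands it to the session when a login succeeds. The pool class, table layout, user record and PBKDF2 parameters are assumptions constructed for the example.

```python
import hashlib, hmac, os, queue, sqlite3

ITERATIONS = 100_000  # PBKDF2 work factor, a value assumed for this example

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

class ConnectionPool:
    """Fixed-size pool; each connection holds the same constructed user table."""
    def __init__(self, size):
        self._free = queue.Queue()
        salt = os.urandom(16)
        record = ("thomas", salt, hash_password("s3cret-example", salt))  # constructed
        for _ in range(size):
            conn = sqlite3.connect(":memory:")
            conn.execute("CREATE TABLE app_users (name TEXT PRIMARY KEY, salt BLOB, pw BLOB)")
            conn.execute("INSERT INTO app_users VALUES (?, ?, ?)", record)
            self._free.put(conn)
    def acquire(self):
        return self._free.get(timeout=1)  # raises queue.Empty when exhausted
    def release(self, conn):
        self._free.put(conn)
    def available(self):
        return self._free.qsize()

def check_user(pool, user, password):
    """Runs before any session exists, so it touches only the pool.
    Returns the connection on success (caller keeps it), None on failure."""
    conn = pool.acquire()
    ok = False
    try:
        row = conn.execute("SELECT salt, pw FROM app_users WHERE name = ?",
                           (user,)).fetchone()
        # Hash for unknown users too, so both paths do comparable work.
        salt, stored = row if row else (b"\0" * 16, b"")
        ok = hmac.compare_digest(hash_password(password, salt), stored)
        return conn if ok else None
    finally:
        if not ok:  # wrong credentials or an exception: back to the pool
            pool.release(conn)

class Session:
    """Created only after check_user succeeds; holds the connection until close()."""
    def __init__(self, pool, conn):
        self.pool, self.conn = pool, conn
    def close(self):
        self.pool.release(self.conn)
        self.conn = None
```

Releasing in the `finally` branch matters because repeated failed logins would otherwise drain the pool.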