I have an ISAPI DLL project in Delphi 10.2. I need to **read** all header items, specifically the Authorization Bearer, to accept or reject the POST request. With the exe DatasnapBroker, this is a success with this code:
```delphi
FServer := TIdHTTPWebBrokerBridge.Create(Self);
FServer.OnParseAuthentication := OnDoParseAuthentication;
```
and in the function OnDoParseAuthentication:

```delphi
procedure TForm1.OnDoParseAuthentication(AContext: TIdContext; const AAuthType,
  AAuthData: String; var VUsername, VPassword: String; var VHandled: Boolean);

  function DoParseAuthentication(ASender: TIdContext; const AAuthType,
    AAuthData: String; var VUsername, VPassword: String): Boolean;
  var
    s, __BaseName, __GuidBase: String;
  begin
    Result := False;
    if TextIsSame(AAuthType, 'Basic') then
    begin
      with TIdDecoderMIME.Create do
      try
        s := DecodeString(AAuthData);
      finally
        Free;
      end;
      VUsername := Fetch(s, ':');
      VPassword := s;
      Result := True;
    end
    else if TextIsSame(AAuthType, 'Bearer') then
    begin
      with TIdDecoderMIME.Create do
      try
        s := DecodeString(AAuthData);
      finally
        Free;
      end;
      // decrypt jwt or oauth2.0 in my Tjwt.Decodejwt_Bearer class
      // for header / payload-data / signature
      // on ISAPI only here; on the exe, during create
      if Tjwt.Decodejwt_Bearer(AAuthData, __BaseName, __GuidBase) then
      begin
        // verify and validate
        Result := True;
      end;
    end;
  end;

begin
  VHandled := DoParseAuthentication(AContext, AAuthType, AAuthData, VUsername, VPassword);
end;
```
But I don't know how to read the authorization; I always get an empty value in request.Authorization in TWebModule1.WebModuleBeforeDispatch.

If I have in my header:

```
Accept-Encoding: gzip,deflate
Content-Type: application/json
Host: localhost:811
User-Agent: Apache-HttpClient/4.1.1 (java 1.5)
Content-Length: 396
Authorization: Basic VEVDSF......cCNG
```

But if I write Authorization: Bearer eyJhbGciOiJS....Im

The value of the `Request` property of `TWebModule` in an ISAPI web application is an instance of the `TISAPIRequest` class from `Web.Win.IsapiHTTP`. It implements reading the value of the `Authorization` property via the `GetServerVariable` function of the `EXTENSION_CONTROL_BLOCK` structure. The getter ends up in the `TISAPIRequest.GetFieldByNameA` method, which is only able to read up to 4095 bytes of data from a single HTTP header. This limits the bearer token to 4088 bytes after you subtract the size of the `'Bearer '` prefix from it.

To work around this limitation of `TISAPIRequest` you can implement your own extension method for reading request data:

```delphi
uses
  Winapi.Windows, Web.Win.IsapiHTTP;

type
  TISAPIRequestHelper = class helper for TISAPIRequest
  public
    function GetServerVariable(const Name: UTF8String): UTF8String;
  end;

function TISAPIRequestHelper.GetServerVariable(const Name: UTF8String): UTF8String;
var
  Size: DWORD;
begin
  // calculate size
  Size := 0;
  ECB.GetServerVariable(ECB.ConnID, PUTF8Char(Name), nil, Size);
  if Size <= 1 then
  begin
    Result := '';
    Exit;
  end;

  // get the actual variable value
  SetLength(Result, Size - 1);
  if not ECB.GetServerVariable(ECB.ConnID, PUTF8Char(Name), PUTF8Char(Result), Size) then
    Result := '';
end;
```

To access the `Authorization` header you would then call:

```delphi
string((Request as TISAPIRequest).GetServerVariable('HTTP_AUTHORIZATION'));
```
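
An added example, not part of the original posts: under IIS there is no Indy `OnParseAuthentication` event, so once the raw `HTTP_AUTHORIZATION` value has been read, the scheme has to be split off by hand before the credentials are checked. `TAuthKind` and `ParseAuthorization` are hypothetical names and the sample header values are constructed. Only the shape of a bearer token is checked here, and signature validation is assumed to stay in the application's own JWT code.

```delphi
program AuthHeaderDemo;
{$APPTYPE CONSOLE}
uses
  System.SysUtils, System.NetEncoding;

type
  TAuthKind = (akNone, akBasic, akBearer); // hypothetical result type

// Splits a raw Authorization header value into scheme and credentials.
// Returns akNone for anything malformed so the caller can answer 401.
function ParseAuthorization(const Header: string; out User, Secret: string): TAuthKind;
var
  P: Integer;
  Scheme, Cred: string;
begin
  Result := akNone;
  User := '';
  Secret := '';
  P := Pos(' ', Header);
  if P = 0 then
    Exit;
  Scheme := Copy(Header, 1, P - 1);
  Cred := Trim(Copy(Header, P + 1, MaxInt));
  if SameText(Scheme, 'Basic') then
  begin
    // Basic is base64("user:password"); split on the first colon only,
    // because the password itself may contain colons
    Cred := TNetEncoding.Base64.Decode(Cred);
    P := Pos(':', Cred);
    if P = 0 then
      Exit;
    User := Copy(Cred, 1, P - 1);
    Secret := Copy(Cred, P + 1, MaxInt);
    Result := akBasic;
  end
  else if SameText(Scheme, 'Bearer') then
  begin
    // A signed JWT is three non-empty base64url segments joined by dots.
    // It is passed on undecoded; this is a shape check, not verification.
    if (Cred.CountChar('.') <> 2) or Cred.Contains('..') or
       Cred.StartsWith('.') or Cred.EndsWith('.') then
      Exit;
    Secret := Cred;
    Result := akBearer;
  end;
end;

var
  U, S: string;
begin
  // Constructed inputs: base64 of "alice:s3cret:x" and placeholder tokens
  Writeln(Ord(ParseAuthorization('Basic YWxpY2U6czNjcmV0Ong=', U, S)), ' ', U, ' ', S);
  Writeln(Ord(ParseAuthorization('Bearer aaa.bbb.ccc', U, S)), ' ', S);
  Writeln(Ord(ParseAuthorization('Bearer not-a-jwt', U, S)));
end.
```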