IdAuthenticationDigest actually works!!!

Giganews Newsgroups
Subject: IdAuthenticationDigest actually works!!!
Posted by:  Alan Birtles (..@b.com)
Date: Thu, 27 Apr 2006

After much frustration I have finally got IdAuthenticationDigest working!
The steps are
1. download the latest cvs
2. change

        Result := Result + 'response="' + LstrResponse + '", '+
              'opaque="' + FOpaque + '"';

to

        Result := Result + 'response="' + LstrResponse + '"';
        if FOpaque<>'' then result:=result+', opaque="' + FOpaque + '"';

on line 175 of IdAuthenticationDigest.pas. This was the main problem
that I experienced. According to the RFC the opaque is optional and
without the above code apache's mod_auth_digest (which is what I was
testing with) rejects the authentication.
3. Do not set the username and password in the request,
basicauthentication must be set to false
4. in the http clients OnAuthorization method put the following code:

if not (sender is TIdHTTP) then exit;
Authentication.Username:='username';
Authentication.Password:='password';
if Authentication is TIdDigestAuthentication then
    with Authentication as TIdDigestAuthentication do begin
        Uri:=(sender as tidhttp).Request.URL;
        Method:=(sender as tidhttp).Request.Method;
        end;
handled:=true;

Replies