SOAP-Server C++/Delphi: How can I clear previous authentication?

  c++, delphi, http-authentication

I have a SOAP-Server (created with WebServer Wizard C++ Builder 10.3).

I use HTTP Basic Authentication to log in. I can see and check user/password either in TIdHTTPWebBrokerBridge::OnParseAuthentication() or in TWebModule::WebModule1DefaultHandlerAction() like this:

void __fastcall TForm1::OnParseAuthentication(TIdContext *AContext, const UnicodeString AAuthType,
    const UnicodeString AAuthData, UnicodeString& VUsername, UnicodeString& VPassword, bool& VHandled)
{
    // AAuthData is the Base64 part of the Authorization header; decoded it reads "user:password".
    String szZugangsdaten = TNetEncoding::Base64->Decode(AAuthData);

    // Split at ':'; a password that itself contains ':' yields more than two parts and is rejected below.
    System::DynamicArray<System::UnicodeString> array = ::SplitString(szZugangsdaten, ":");

    if (array.Length == 2) {
        VUsername = array[0];
        VPassword = array[1];

        // Compare against the expected credentials.
        VHandled = bool(VUsername == "right_user" && VPassword == "right_pw");
    }
    else {
        VHandled = false;
    }
}

My problem: As soon as the client logged on, the old ("correct") access data is always transmitted in the response, even if I enter an incorrect user/password in the browser:

1. attempt: http://wrong_user:[email protected] -> No authentication (OK)

2. attempt: http://right_user:[email protected] -> Authentication (OK)

3. attempt: http://wrong_user:[email protected] -> Authentication (!!!)

How can I avoid it?

Thank you,

Julia

Source: Windows Questions C++
