Authentication & Authorization

Piffer_Claudio · December 25, 2014, 4:28am

Hi,

I have some questions:

What is the best way to handle authentication (user) and authorization (role) in a Server XData. How can I manage a resource in read-only mode (enable only the verb GET) only for some users/roles? I need to create a my class that inherits from class TXDataServerModule and override the ProcessRequest method? I need to add some info in HTTPHeader (that client and server interchange) but I cannot access to it in TXDataClient class. How can I this?

Do you have in roadmap also the HTTP Digest access authentication?

Thank you very much and Merry Christmas

Claudio

wlandgraf · January 15, 2015, 12:42pm

Hello Claudio, for now you would have to inherit ProcessRequest indeed and do some manual processing before calling the inherited method. For the client side, we would have to create some events and interceptions points to make it possible for you. We plan to extend XData in that way, yes.

Piffer_Claudio · January 17, 2015, 5:45pm

Hi Wagner,

thank you very much for the answer. Have you a roadmap that you can share for this implementations?

wlandgraf · January 19, 2015, 7:02am

Not yet, unfortunately.