When preparing a Http request, username and password aren't written to the request header. Only X-Requested-with is set to XMLHttpRequest.
As a workaround, the header could be set with username and password manually:
procedure SetAuthHeader(ARequest : TWebHttpRequest; const AUser, APass : string);
begin
ARequest.Headers.Values['Authorization'] := 'Basic ' + CreateBasicAuth(AUser, APass);
end;
function CreateBasicAuth(const AUser, APass : string) : string;
var
Encoding : TBase64Encoding;
begin
Encoding := TBase64Encoding.Create;
try
Result := Encoding.Encode(AUser + ':' + APass);
finally
Encoding.Free;
end;
end;
It would be more convenient if the properties exposed by the request object would be used (as in TWebClientConnection)