How to avoid the login dialog with Delphi HTTPRio call using a Windows authenticated webservice

2
votes

I have a C# webservice hosted in IIS with Windows authentication enabled that I call from a Delphi 7 client.

When I call the method, I have a system login dialog and I have to enter my windows username and password in order to be authenticated.

Is there a way to skip the login dialog and use the current logged user credentials to call the webservice?

I saw a lot on post explaining how to avoid this login dialog with basic authentication by "injecting" the username/password element with InternetSetOption(...) on the BeforePost event, but nothing about Windows authentication. I was expecting everything to work flawlessly...

Thanks

EDIT

  • The current authentication type is NTLM.

  • My application do not have any login/password dialog. The login dialog I refer to is a system login dialog with "Windows security" in the title

  • The C# server and Delphi client are running on the same computer. My computer is part of a domain and the server will be called only within the local network.

EDIT #2 When the login is prompted, there's the request headers:

POST https://vbergeron.info.com/dev-mmcore/SecurityService.svc HTTP/1.1
SOAPAction: "http://mysite.ca/schemas/mobilemed-ws/security/ISecurityService/GetPermissions"
Content-Type: text/xml
User-Agent: mmrdv.exe/4.0.0.0 Windows-7-SP1/6.1.7601 Ultimate/x86
Host: vbergeron.info.com
Content-Length: 366
Connection: Keep-Alive
Cache-Control: no-cache

Here`s the response header:

HTTP/1.1 401 Unauthorized
Cache-Control: private
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
WWW-Authenticate: NTLM
WWW-Authenticate: Negotiate
X-Powered-By: ASP.NET
Date: Fri, 07 Jun 2013 14:38:35 GMT
Content-Length: 0
Proxy-Support: Session-Based-Authentication

So the HTTPRio do not "handle" the NTLM header properly. It`s supposed to catch the 401 and resend the request including the authentication information... Right?

1
windowsweb-servicesdelphiauthentication
See stackoverflow.com/questions/4459637/… - mjn
@mjn, it's a Windows authentication problem. - Fabricio Araujo
@FabricioAraujo if a SOAP Web Service uses HTTP, and the HTTPRio client shows a dialog, it is a HTTP Auth problem - mjn
@mjn, is not an APPLICATION dialog, it's a SYSTEM dialog. He's not authenticating to the WebServer, he's authenticating to DOMAIN server. - Fabricio Araujo
@vIceBerg. Are the C# Web service and Delphi 7 client running in the a Windows domain or is it for access on the Internet? If yes to the former, you could use WIA (Windows Integrated Authentication), the Windows login credentials are used transparently. Done that a few weeks ago. - Jack G.

1 Answers

0
votes

For HTTPrio with NTLM (see my answer https://stackoverflow.com/a/1081582/80901):

In the user name property of the WebNode subcomponent of the THTTPRio component, use the domain name followed by a backslash and the user name:

'domain\username'

After entering the WSDL URL at designtime, the HTTPRIO component will list available port and services.

In a HTTP proxy (Don's Proxy), NTLM is displayed as the request authentication type.