Delphi Datasnap client code not getting unauthorized exception

Question

I'm using Delphi 10.1 Berlin Update 2 Enterprise and the DataSnap client/server REST framework.

If I run the app without debugging and invoke a method the user isn't authorized to invoke, the code runs without any exception and the method returns a null response.

When interactively debugging a call on the client to a DataSnap server method, I get two popup exceptions regarding "unauthorized".

The first bubbles up and is replaced by the second.

The second exception gets "eaten" and the session/connection simply closed and then the method returns a blank result (eg a zero if the return type is integer, and an empty string for a string return type).

This is happening in the following section of code near the end of the ExecuteRequest method in the Datasnap.DSClientRest unit:

except
  on E: TDSRestProtocolException do
    LSessionExpired;
end;

Why are these exceptions (eg TDSRestProtocolException) not reaching my code?

I kind of think this is new to Update 2, and I remember seeing those exceptions bubble up to my code prior to Update 2.

Attached is a skeleton example (standard example generated by Delphi wizards) that demonstrates the issue - click the button and you get "" instead of "4321" because the user isn't authorized - but no runtime exception.

I'm new to DataSnap, so bear with me :-)

Thanks in advance for helpful responses =)

Answer 1

This is happening due to DSAuthenticationManager1 component added to webmodule of the server and client side is failing to authenticate.

Please go through this to check how to work with authentication Adding Authentication and Authorization

Answer 2

Well..I'm not sure but try providing username and password to DSRestConnection1 component before the instance of server methods gets created

procedure TClientModule1.TestCon(aUsername, aPassword: string);
var
lServerMethodsClient : TServerMethodsClient;
begin
DSRestConnection1.UserName := aUsername;
DSRestConnection1.Password := aPassword;
lServerMethodsClient:=TServerMethodsClient.Create(DSRestConnection1);
end;

and try to call this functn from ur clientform

procedure TF_ClientForm.Button1Click(Sender: TObject);
begin
ClientModule1.TestCon(EdtUsername.Text, EdtPassword.Text);
end;

Answer 3

Maybe a little late but this morning I've had a deep dive into this because, after upgrading from Delphi XE6 to Tokyo 10.2, applications where I used the TDSRestConnection component got broken. Although I supplied the correct username and password, they did not appear in the TDSAuthenticationManager.OnUserAuthenticate event. The 'problem' has to do with the new System.Net.HttpClient implementation.

To make a long story short (or a little bit less long): The client component does not send the credentials until the receiving server demands one by sending a 401 response. After receiving this (properly formatted) response the client looks at de TDSConnection credentials en tries again. At the client side a complete list of urls with credential requirements is maintaned so repetitive calls to the same url go 'smoother'.

I added this code to the server's WebModule (where the TDSRESTWebDispatcher resides) which solved my problems:

procedure TwbmMain.WebModuleBeforeDispatch(Sender: TObject; Request: TWebRequest; Response: TWebResponse; var Handled: Boolean);
var
  LAuthorization: string;
begin
  inherited;

  if Request.PathInfo.StartsWith('/datasnap/') then
  begin
    LAuthorization := TNetEncoding.Base64.Decode(Request.Authorization.Replace('Basic ', ''));

    if LAuthorization.IsEmpty then
    begin
      Response.StatusCode := 401;
      Response.WWWAuthenticate := 'Basic';
      Handled := True;
    end;
  end;
end;

Because my applications provides some downloadable items like a logo etc., I limited the check to just those URLs that have anything to do with datasnap.

Hope this is useful to others!