As you develop your HTTP client, you may find that you need to pass user security credentials to an HTTP server for the purpose of authentication. The OpenEdge.Net library enables you to pass security credentials through one of the following authentication mechanisms:
  • HTTP basic authentication
  • HTTP digest authentication
  • Authentication callback
  • On-demand authentication

In all of these mechanisms, you only need to create and pass credentials to the appropriate authentication method when building an HTTP request. Any required encryption or encoding is done automatically by the OpenEdge.Net procedure library.

HTTP basic authentication

In HTTP basic authentication, the HTTP client passes credentials preemptively in an Authorization header along with the request. Because this authentication method passes credentials preemptively, it is useful only when you know the user's credentials in advance and when you are sure that the server requires credentials to process the request.

Note that credentials are encoded using the Base64 encoding scheme, but not encrypted, so this mechanism is secure only when you are using HTTPS.

To implement HTTP basic authentication, create a Credentials object and pass it to the UsingBasicAuthentication() method. The Credentials class constructor takes three parameters: domain, username, and password.

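USING OpenEdge.Net.HTTP.Credentials.
USING OpenEdge.Net.HTTP.IHttpRequest.
USING OpenEdge.Net.HTTP.RequestBuilder.

DEFINE VARIABLE oCredentials AS Credentials  NO-UNDO.
DEFINE VARIABLE oRequest     AS IHttpRequest NO-UNDO.
DEFINE VARIABLE httpUrl      AS CHARACTER    NO-UNDO.

/* Sample URL; basic authentication is secure only over HTTPS. */
httpUrl = "http://localhost:9090/oem/resources".

/* Constructor parameters: domain, username, password (sample values). */
oCredentials = new Credentials('application', 'admin', '4admin').

oRequest = RequestBuilder:Get(httpUrl):UsingBasicAuthentication(oCredentials):Request.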

HTTP digest authentication

In HTTP digest authentication, the HTTP client creates a hash value by hashing certain fields, such as the username and password, together with a nonce (a random number generated for one-time use) provided by the server. The client then sends the hash value back to the server. The server produces its own hash value from the same fields (username, password, and so on) and compares it with the hash value sent by the HTTP client. If the hash values match, the authentication succeeds and the server provides access to the requested resource.

HTTP digest is more secure than HTTP basic authentication because the password itself is never sent over the network.

To implement HTTP digest authentication, create a Credentials object and pass it to the UsingDigestAuthentication() method when building an HTTP request. Other steps, such as obtaining a nonce from the server and creating the hash value, are performed internally by the OpenEdge.Net library.

oCredentials = new Credentials('application', 'admin', '4admin').

oRequest = RequestBuilder:Get(httpUrl):UsingDigestAuthentication(oCredentials):Request.
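
The contrast between the basic and digest sections above, shown at the wire level as an added Python illustration (not OpenEdge.Net code and not part of the original documentation): the basic header decodes straight back to the password, while the digest response is a hash the server recomputes and compares. It assumes the MD5, qop=auth form of digest authentication from RFC 2617; the function names are hypothetical, and the digest field values are the RFC's own worked example.

```python
import base64
import hashlib
import hmac


def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def basic_header(username, password):
    """Authorization header value for HTTP basic authentication."""
    token = base64.b64encode(f"{username}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")


def recover_basic(header):
    """Base64 is an encoding, not encryption: the header is reversible."""
    raw = base64.b64decode(header.split(" ", 1)[1]).decode("utf-8")
    username, _, password = raw.partition(":")
    return username, password


def digest_response(username, realm, password, method, uri,
                    nonce, nc, cnonce, qop="auth"):
    """Digest 'response' value as defined in RFC 2617 (MD5, qop=auth)."""
    ha1 = md5_hex(f"{username}:{realm}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


def server_accepts(stored_password, client_response, **fields):
    """Server side: recompute from the stored secret, compare in constant time."""
    expected = digest_response(password=stored_password, **fields)
    return hmac.compare_digest(expected, client_response)


# Sample values: the worked example from RFC 2617, section 3.5.
FIELDS = dict(username="Mufasa", realm="testrealm@host.com", method="GET",
              uri="/dir/index.html", nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093",
              nc="00000001", cnonce="0a4f113b")

if __name__ == "__main__":
    header = basic_header("admin", "4admin")  # sample credentials from this page
    print(header, "->", recover_basic(header))
    resp = digest_response(password="Circle Of Life", **FIELDS)
    print("digest response:", resp)
    print("server accepts:", server_accepts("Circle Of Life", resp, **FIELDS))
    print("wrong password:", server_accepts("guess", resp, **FIELDS))
```

Because the nonce is part of the hashed input, a response captured for one nonce does not verify against a different one.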

Authentication callback

In the authentication callback mechanism, the HTTP client responds to a server's demand for authentication by invoking an ABL class or procedure that is responsible for providing the required credentials (typically through a login form or widget presented to a user).

To implement the authentication callback mechanism, use the AuthCallback() method as shown in the following examples.

Adding Auth Filter Callback as a class

USING OpenEdge.Net.HTTP.RequestBuilder.

oRequest = RequestBuilder:Get('http://localhost:9090/oem/resources')
           :AcceptJson()
           :AuthCallback(new AuthStatusListener())
           :Request.

/* The AuthStatusListener class is defined (in its own class file) as: */
USING OpenEdge.Net.HTTP.AuthenticationRequestEventArgs.
USING OpenEdge.Net.HTTP.Credentials.
USING OpenEdge.Net.HTTP.Filter.Auth.IAuthFilterEventHandler.
USING Progress.Lang.Object.

CLASS AuthStatusListener IMPLEMENTS IAuthFilterEventHandler:

  METHOD PUBLIC VOID AuthFilter_HttpCredentialRequestHandler(
      INPUT poSender AS Object,
      INPUT poEventArgs AS AuthenticationRequestEventArgs ):

    /* Supply the credentials the server asked for (sample values). */
    poEventArgs:Credentials = new Credentials('domain', 'admin', '4admin').
  END METHOD.

END CLASS.

Adding Auth Filter Callback as a procedure

USING OpenEdge.Net.HTTP.AuthenticationRequestEventArgs.
USING OpenEdge.Net.HTTP.Credentials.
USING OpenEdge.Net.HTTP.RequestBuilder.
USING Progress.Lang.Object.

oRequest = RequestBuilder:Get('http://localhost:9090/oem/resources')
                :AcceptJson()
                :AuthCallback(this-procedure)
                :Request.

/* Invoked by the library when the server demands authentication. */
PROCEDURE AuthFilter_HttpCredentialRequestHandler:
    DEFINE INPUT PARAMETER poSender AS Object NO-UNDO.
    DEFINE INPUT PARAMETER poEventArgs AS AuthenticationRequestEventArgs NO-UNDO.

    /* Supply the credentials the server asked for (sample values). */
    poEventArgs:Credentials = new Credentials('domain', 'admin', '4admin').

END PROCEDURE.

On-demand authentication

This method is similar to HTTP basic authentication; however, instead of sending credentials preemptively, the HTTP client sends credentials only when required by the server. To implement this authentication mechanism, use the UsingCredentials() method as shown in the following example.

oCredentials = new Credentials('application', 'admin', '4admin').

oRequest = RequestBuilder:Get('http://localhost:9090/oem/resources')
                :AcceptJson()
                :UsingCredentials(oCredentials)
                :Request.

Authorization header

In addition to using any of the authentication mechanisms listed in this topic, you can use the AddHeader() method to specify the Authorization header. This is useful in certain situations, such as when you need to pass OAuth bearer tokens.

lcToken = oJson:GetJsonText("access_token").
cToken = 'Bearer ' + STRING(lcToken).

oRequest = RequestBuilder
            :Post('<URL>',oRequestBody)
            :AddHeader('Authorization', cToken)
            :AcceptJson()
            :ContentType('application/json')
            :Request.

API reference documentation

To view the complete list of methods that you can use on an HTTP request object, refer to the RequestBuilder reference documentation or see the OpenEdge.Net API Reference documentation. To learn more about methods that you can invoke on a Credentials object, see the Credentials API reference documentation.