AGB  ·  Datenschutz  ·  Impressum  







Anmelden
Nützliche Links
Registrieren
Zurück Delphi-PRAXiS Programmierung allgemein Netzwerke DelphiXE8 and WSDL, disable authentication via Smart Card Reader

DelphiXE8 and WSDL, disable authentication via Smart Card Reader

Ein Thema von carmeloconny · begonnen am 20. Okt 2019 · letzter Beitrag vom 12. Dez 2019
Antwort Antwort
Seite 1 von 2  1 2   
carmeloconny

Registriert seit: 20. Okt 2019
9 Beiträge
 
#1

DelphiXE8 and WSDL, disable authentication via Smart Card Reader

  Alt 20. Okt 2019, 17:31
I'm sorry* if I write in translated English.
With Delphi XE8 I imported a SOAP WSDL and use the HTTPRIO component For use authentication:

Delphi-Quellcode:
procedure HTTPRIO1HTTPWebNode1BeforePost(const HTTPReqResp: THTTPReqResp;
  Data: Pointer);
var
 auth: String;
 FUserName, FPassword : string;
begin
 FUserName:=UtenteTS;
 FPassword:=PassTS;
 auth := 'Authorization: Basic ' + TNetEncoding.Base64.Encode(FUserName + ':' + FPassword);
 HttpAddRequestHeaders(Data, PChar(auth), Length(auth), HTTP_ADDREQ_FLAG_ADD);
end;
Works well.

The problem is: when a Smart Card Reader with a digital signature card is inserted in the PC, during authentication it communicates with the smart card, opening a PIN request window.
image:
https://i.stack.imgur.com/puJ7E.jpg

I don't want this, i want to prioritize authentication through HTTPRIO1HTTPWebNode1BeforePost !

Note:

Run debug, HTTPRIO1HTTPWebNode1BeforePost, it is processed and then communication with the smart card is started. How can I disable Smart Card Reader reading?

The card with the digital signature I need connected to the PC because my program has to digitally sign documents.

Geändert von carmeloconny (20. Okt 2019 um 20:16 Uhr)
  Mit Zitat antworten Zitat
Benutzerbild von Sinspin
Sinspin

Registriert seit: 15. Sep 2008
Ort: Dubai
608 Beiträge
 
Delphi 10.3 Rio
 
#2

AW: DelphiXE8 and WSDL, disable authentication via Smart Card Reader

  Alt 20. Okt 2019, 18:25
Hello and welcome in the DP!

If i understand you right, the smart card reader is separate and have nothing to do with the web service where you communicate with via WSDL.
But, if you try to start the authentication process for the web service then is also the smart card reader reacting?
Where is the web service running? On the same PC?
What kind of web service is it?
Stefan
Nur die Besten sterben jung
A constant is a constant until it change.
  Mit Zitat antworten Zitat
carmeloconny

Registriert seit: 20. Okt 2019
9 Beiträge
 
#3

AW: DelphiXE8 and WSDL, disable authentication via Smart Card Reader

  Alt 20. Okt 2019, 19:57
Hello and welcome in the DP!

If i understand you right, the smart card reader is separate and have nothing to do with the web service where you communicate with via WSDL.
But, if you try to start the authentication process for the web service then is also the smart card reader reacting?
Where is the web service running? On the same PC?
What kind of web service is it?
thank you for answering. (excuse my bad english)
WSDL is a state ministerial service for the Italian national health service.
The WS requires authentication: Authentication base = 'User : Password'

When the certified card is not inserted, everything works fine.
When the Card Certificate is inserted in the Smart card reader of the PC,
during the authentication of the WS a window opens and wants the PIN of the certified card, which does not center with the authentication of the WS, this thing slows down the communication and a waste of time.

with the procedure I wrote before, using HTTPrio component works fine.
When the system has a smart card with a certificate, HTTPrio, who uses WinInet.dll (windows), starts the card request window of the card. Which I don't want!
The certificate in the authentication header must be only: User and Password.
I tried to close:
CertCloseStore (hMemoryStore, CERT_CLOSE_STORE_FORCE_FLAG)
I tried:
InternetSetOption(Data, INTERNET_OPTION_SECURITY_FLAGS, @aFlags, aFlagsSize)
Without success.

this step in the SOAPtrans.pas file is repeated twice. on the second step the card reading starts.
first step: RetVal = ERROR_INTERNET_FORCE_RETRY;
second step: RetVal = ERROR_SUCCESS;
Delphi-Quellcode:
 { line 1151 of soap.SOAPHTTPtrans.pas  Posting Data Event }
      if Assigned(FOnPostingData) then
        FOnPostingData(DatStr.Size, BuffSize);

      RetVal := ERROR_SUCCESS;
{$IFDEF UNICODE}
      HttpSendRequest(Request, nil, 0,
                      DatStr.Bytes, DatStr.Size);
{$ELSE}
      HttpSendRequest(Request, nil, 0,
                      @DatStr.DataString[1],
                      Length(DatStr.DataString));
{$ENDIF}
      RetVal := HandleWinInetError(GetLastError, Request, True);

      case RetVal of
        ERROR_SUCCESS: break;
        ERROR_CANCELLED: System.SysUtils.Abort;
        ERROR_INTERNET_FORCE_RETRY: {Retry the operation};
      end;

Geändert von carmeloconny (20. Okt 2019 um 20:14 Uhr)
  Mit Zitat antworten Zitat
carmeloconny

Registriert seit: 20. Okt 2019
9 Beiträge
 
#4

AW: DelphiXE8 and WSDL, disable authentication via Smart Card Reader

  Alt 21. Okt 2019, 08:46
I have verified that this problem occurs with all those who use HTTPrio and authentication "Authentication base = 'User: Password". It's not just my situation.
Delphi + HTTPRio + Authentication Base + SmartCard or KeyUSB with certificate = PIN request message.
The WS accepts basic Authentication not certified by smartcard
  Mit Zitat antworten Zitat
Benutzerbild von Sinspin
Sinspin

Registriert seit: 15. Sep 2008
Ort: Dubai
608 Beiträge
 
Delphi 10.3 Rio
 
#5

AW: DelphiXE8 and WSDL, disable authentication via Smart Card Reader

  Alt 21. Okt 2019, 09:38
As per my understanding have it to do with signing/certification of the internet connection.
There is a property "InvokeOptions" in the SOAP component. Type is SOAPInvokeOptions in the unit SOAPHTTPTrans. Maybe it is a solution to change the InvokeOptions for your requests.

OT: your english is not bad, no need to worry about
Stefan
Nur die Besten sterben jung
A constant is a constant until it change.
  Mit Zitat antworten Zitat
HolgerX

Registriert seit: 10. Apr 2006
Ort: Leverkusen
961 Beiträge
 
Delphi 6 Professional
 
#6

AW: DelphiXE8 and WSDL, disable authentication via Smart Card Reader

  Alt 21. Okt 2019, 09:49
Hmm..

Obviously, Windows handles the smart card on its own and ignores alternative logins.

Maybe the group policies help here:
https://docs.microsoft.com/en-us/win...istry-settings

Or deactivating the SmartCard:
https://stackoverflow.com/questions/...ws-10/38474107
(Ja ich Verwende Delphi 6 Pro und will NICHT wechseln!)
  Mit Zitat antworten Zitat
Benutzerbild von Sinspin
Sinspin

Registriert seit: 15. Sep 2008
Ort: Dubai
608 Beiträge
 
Delphi 10.3 Rio
 
#7

AW: DelphiXE8 and WSDL, disable authentication via Smart Card Reader

  Alt 21. Okt 2019, 14:24
As i understood it, the smart card is needed for an part of the application. So its not possible to deactivate it over all.
Group policy would only help at the local PC but i don't think the programm is made for private use.
Stefan
Nur die Besten sterben jung
A constant is a constant until it change.
  Mit Zitat antworten Zitat
carmeloconny

Registriert seit: 20. Okt 2019
9 Beiträge
 
#8

AW: DelphiXE8 and WSDL, disable authentication via Smart Card Reader

  Alt 22. Okt 2019, 13:44
As per my understanding have it to do with signing/certification of the internet connection.
There is a property "InvokeOptions" in the SOAP component. Type is SOAPInvokeOptions in the unit SOAPHTTPTrans. Maybe it is a solution to change the InvokeOptions for your requests.

OT: your english is not bad, no need to worry about
I setting "InvokeOptions" [soIgnoreInvalidCert, soPickFirstClientCertificate]


Normally, with these settings it works, if I change I get an error.
I tried the various combinations but without success.
  Mit Zitat antworten Zitat
carmeloconny

Registriert seit: 20. Okt 2019
9 Beiträge
 
#9

AW: DelphiXE8 and WSDL, disable authentication via Smart Card Reader

  Alt 22. Okt 2019, 13:45
Hmm..

Obviously, Windows handles the smart card on its own and ignores alternative logins.

Maybe the group policies help here:
https://docs.microsoft.com/en-us/win...istry-settings

Or deactivating the SmartCard:
https://stackoverflow.com/questions/...ws-10/38474107
The card must be connected to the PC, because in another process of the program it is necessary to sign pdf file.
  Mit Zitat antworten Zitat
Benutzerbild von Sinspin
Sinspin

Registriert seit: 15. Sep 2008
Ort: Dubai
608 Beiträge
 
Delphi 10.3 Rio
 
#10

AW: DelphiXE8 and WSDL, disable authentication via Smart Card Reader

  Alt 22. Okt 2019, 15:56
As workaround, would it be possible to ask the customer/user to remove the card as long not needed? Then should it work for now.
As reason can you mention that it is for savety to have the card only in the reader if the signing process is needed.

That gives you also more time to find a better solution. And you can still proceed with the programming.

Also, did you tried another component for sending the requests? For some not really Delphi compatible WSDL's used i another component. Its a bit more work to send the requests and analyse the response, but its stable working since years. Its called IP*Works / IP*Works SSL from NSoftware.
You can not really import the WSDL, but since its just pieces of XML data which is send to the server and you get another piece back it might work.
Stefan
Nur die Besten sterben jung
A constant is a constant until it change.
  Mit Zitat antworten Zitat
Antwort Antwort
Seite 1 von 2  1 2   

Themen-Optionen Thema durchsuchen
Thema durchsuchen:

Erweiterte Suche
Ansicht

Forumregeln

Es ist dir nicht erlaubt, neue Themen zu verfassen.
Es ist dir nicht erlaubt, auf Beiträge zu antworten.
Es ist dir nicht erlaubt, Anhänge hochzuladen.
Es ist dir nicht erlaubt, deine Beiträge zu bearbeiten.

BB-Code ist an.
Smileys sind an.
[IMG] Code ist an.
HTML-Code ist aus.
Trackbacks are an
Pingbacks are an
Refbacks are aus

Gehe zu:

Impressum · AGB · Datenschutz · Nach oben
Alle Zeitangaben in WEZ +1. Es ist jetzt 12:09 Uhr.
Powered by vBulletin® Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
LinkBacks Enabled by vBSEO © 2011, Crawlability, Inc.
Delphi-PRAXiS (c) 2002 - 2023 by Daniel R. Wolf, 2024 by Thomas Breitkreuz