(Delphi) HTTP Authentication (Basic, NTLM, Digest, Negotiate/Kerberos)

Demonstrates how to use HTTP authentication. Authentication can be added to any method that sends an HTTP request to the server, such as SynchronousRequest, QuickGetStr, PostXml, etc. To add authentication, simply set the Login and Password properties.

By default, Chilkat will use basic HTTP authentication, which sends the login/password clear-text over the connection. This is bad if SSL/TLS (i.e. HTTPS) is not used. However, if the connection is secure, there should be nothing wrong with using basic authentication.

Chilkat supports more secure authentication types as well, including Digest, NTLM, and Negotiate (which dynamically chooses between NTLM and Kerberos). To use Digest authentication, simply set the DigestAuth property = 1. To use NTLM authentication, set the NtlmAuth property = 1. Likewise, to use Negotiate authentication, set the NegotiateAuth property = 1.

Important: Negotiate authentication is only supported for the Chilkat implementations that run on the Windows platform. This is because it is implemented internally using Microsoft's SSPI API. NTLM authentication however, is available for all supported operating systems because Chilkat implements NTLM directlly (i.e. does not use Microsoft SSPI for the underlying implementation.)

Download Chilkat HTTP ActiveX

uses
    Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
    Dialogs, StdCtrls,
    CHILKATHTTPLib_TLB,
    OleCtrls;

...

procedure TForm1.Button1Click(Sender: TObject);
var
http: TChilkatHttp;
success: Integer;
html: String;
http2: TChilkatHttp;
http3: TChilkatHttp;

begin
http := TChilkatHttp.Create(Self);

//  Any string unlocks the component for the 1st 30-days.
success := http.UnlockComponent('Anything for 30-day trial');
if (success <> 1) then
  begin
    Memo1.Lines.Add(http.LastErrorText);
    Exit;
  end;

//  Set the Login and Password properties for authentication.
http.Login := 'chilkat';
http.Password := 'myPassword';

html := http.QuickGetStr('http://localhost/xyz.html');
//  Note:
if (Length(html) = 0 ) then
  begin
    Memo1.Lines.Add(http.LastErrorText);
    Exit;
  end;

//  Examine the HTTP status code returned.
//  A status code of 401 is typically returned for "access denied"
//  if no login/password is provided, or if the credentials (login/password)
//  are incorrect.
Memo1.Lines.Add('HTTP status code for Basic authentication: '
     + IntToStr(http.LastStatus));

//  Examine the HTML returned for the URL:
Memo1.Lines.Add(html);

http2 := TChilkatHttp.Create(Self);

//  To use NTLM authentication, set the
//  NtlmAuth property = 1
http2.NtlmAuth := 1;

//  The session log can be captured to a file by
//  setting the SessionLogFilename property:
http2.SessionLogFilename := 'ntlmAuthLog.txt';

//  Examination of the HTTP session log will show the NTLM
//  back-and-forth exchange between the client and server.

//  This call will now use NTLM authentication (assuming it
//  is supported by the web server).
html := http2.QuickGetStr('http://localhost/xyz.html');
//  Note:
if (Length(html) = 0 ) then
  begin
    Memo1.Lines.Add(http2.LastErrorText);
    Exit;
  end;

Memo1.Lines.Add('HTTP status code for NTLM authentication: '
     + IntToStr(http2.LastStatus));

http3 := TChilkatHttp.Create(Self);

//  To use Digest Authentication, set the DigestAuth property = 1
//  Also, no more than one of the authentication type properties
//  (NtlmAuth, DigestAuth, and NegotiateAuth)  should be set
//  to 1.
http3.DigestAuth := 1;

http3.SessionLogFilename := 'digestAuthLog.txt';

//  This call will now use Digest authentication (assuming it
//  is supported by the web server).
html := http3.QuickGetStr('http://localhost/xyz.html');
//  Note:
if (Length(html) = 0 ) then
  begin
    Memo1.Lines.Add(http3.LastErrorText);
    Exit;
  end;

Memo1.Lines.Add('HTTP status code for Digest authentication: '
     + IntToStr(http3.LastStatus));
end;