ISAPI app with ASP.NET connecting via TCP to a server

Hi! I need som help with a D8 solution. I just bought D8, and there is alot of differenses between D5 and D8.

I need a Web solution on an IIS connecting to a server and recieve data and present it on the web.

Meaning: A login check via the web server, from the webserver to the internal server and then present the result on the web.
I have never used .NET so if it is possible to help me with a start up project, this would be great.

More points will be given on delivery of a project.

I have a D5 solution for this today, but I would like to have a .NET solution, possibly with some type of cryptation at least for the password if possible.

Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Mohammed NasmanSoftware DeveloperCommented:

   Webbroker doesn't include with Delphi 8, so you can't develop ISAPI with Delphi 8, the way you should go with is application

But I think if you go with Web Services the work you want to done will be more easier, and you can use windows and web application as clients to connect to your web service

here's some articles to help you to build that for Delphi 8 and Delphi 6/7,1418,10005,00.html


mersanAuthor Commented:
I will have a look, but I have some time presure, so if you can help me with some code specific for this problem, it will help me alot.

Mohammed NasmanSoftware DeveloperCommented:
could you explain more for what would you like to accomplish
Become a CompTIA Certified Healthcare IT Tech

This course will help prep you to earn the CompTIA Healthcare IT Technician certification showing that you have the knowledge and skills needed to succeed in installing, managing, and troubleshooting IT systems in medical and clinical settings.

Wim ten BrinkSelf-employed developerCommented:
It's been a while since I worked with D8 again on a web-application with logon functionality, but it's not as difficult as you think. When you create a new ASP.NET project with Delphi 8, and save it, there will be a file called "web.config" in your project folder. As you could have guessed, this is where you set up the configuration for your project when it is running! ASP.NET will read this file and set up default values, and -if specified- it will check if the user is logged on or not. Best thing to do is Google for it since I myself was a bit limited by my web provider in the ways that I could use to log on. Still, is a very easy example of what I've done for a hobby page of mine. Too bad I'd hidden the logoff button a bit. (On the "Merchant" page at the bottom.) It's a crappy page, btw... I started with it when I first bought Delphi 8 but never found time to finish it.

The web.config file for that page of mine looks like this: (Without the comments)

<?xml version="1.0" encoding="utf-8" ?>
    <compilation debug="false"  defaultLanguage="c#">
    <customErrors mode="Off" />
    <authentication mode="Forms">
      <forms name=".Merchants" loginUrl="login.aspx" protection="All" timeout="60" path="/" slidingExpiration="true">
      <deny users="?"/>
    <trace enabled="false" requestLimit="10" pageOutput="false" traceMode="SortByTime" localOnly="true"/>
    <sessionState mode="InProc" stateConnectionString="tcpip=" sqlConnectionString="data source=;user id=sa;password=" cookieless="false" timeout="20"/>
    <globalization requestEncoding="utf-8" responseEncoding="utf-8"/>

The important parts are the authentication and authorization parts. In the authorization I deny access to everyone. Thus, everyone has to authenticate first. And for authentication they have to visit the logon page, which responds on the buttonclick. The code behind this click is simple. I open a database connection, search for username and password and if ffound, I call:
  System.Web.Security.FormsAuthentication.RedirectFromLoginPage(Recs.Fields['FirstName'].Value.ToString, CheckBoxRemember.Checked);
and afterwards, the user is authenticated, thus logged in.
The fun thing is that ASP.NET will maintain information if the user is logged on or not and will even require the user to log on again once his logon info has expired.

However, I used a HTTP:// link to the logon page, while a HTTPS:// would be more secure. Then again, this is a limitation of my webserver which doesn't (easily) support secure connections...
mersanAuthor Commented:
Hi Alex, this sounds good, the only differense is that I want to have a socket connection between the web server and an application that will return values some thing like this.

Web page (login) -> web server -> win application

The win applicetion will check with a server/database if the login is correct. and send the result to the web client.

Web page (login) <- web server <- win application

I will use an IIS-server so the secure should not be a problem I think.

What is the best way to continue from here? Can you deliver a sample project? I will start an ASP.NET project and we´ll se where i get stuck.
Wim ten BrinkSelf-employed developerCommented:
For a sample app I would first have to install D8 again, so that's a no. Sorry...
If you need to connect to a remote server for authentication then you can easily do this from the logon form, though. What I did was:

unit Login;


  System.Collections, System.ComponentModel, System.Data, System.Drawing, System.Web, System.Web.SessionState, System.Web.Security, System.Web.UI, System.Web.UI.WebControls, System.Web.UI.HtmlControls, ADODB, untDatabase;

  TWebFormLogin = class(System.Web.UI.Page)
  {$REGION 'Designer Managed Code'}
  strict private
    procedure InitializeComponent;
    procedure ButtonSubmit_Click(sender: System.Object; e: System.EventArgs);
  strict private
    procedure Page_Load(sender: System.Object; e: System.EventArgs);
  strict protected
    TextBoxUsername: System.Web.UI.WebControls.TextBox;
    TextBoxPassword: System.Web.UI.WebControls.TextBox;
    ButtonSubmit: System.Web.UI.WebControls.Button;
    CheckBoxRemember: System.Web.UI.WebControls.CheckBox;
    LiteralInfo: System.Web.UI.WebControls.Literal;
    RequiredFieldValidator1: System.Web.UI.WebControls.RequiredFieldValidator;
    procedure OnInit(e: EventArgs); override;


{$REGION 'Designer Managed Code'}
/// <summary>
/// Required method for Designer support -- do not modify
/// the contents of this method with the code editor.
/// </summary>
procedure TWebFormLogin.InitializeComponent;
  Include(Self.ButtonSubmit.Click, Self.ButtonSubmit_Click);
  Include(Self.Load, Self.Page_Load);

procedure TWebFormLogin.Page_Load(sender: System.Object; e: System.EventArgs);
  if (TextBoxUsername.Text.Length = 0) then TextBoxUsername.Text := 'Guest';
  if (TextBoxPassword.Text.Length = 0) then TextBoxPassword.Text := 'guest';
  LiteralInfo.Text := 'For guests, use "Guest" as username and "guest" as password.';

procedure TWebFormLogin.OnInit(e: EventArgs);
  inherited OnInit(e);

procedure TWebFormLogin.ButtonSubmit_Click(sender: System.Object; e: System.EventArgs);
  Conn: Connection;
  Recs: Recordset;
  Conn := NewConnection(Context.Request.PhysicalApplicationPath);
  Recs := NewRecordset(Conn, 'select * from users');
  Recs.Filter := 'Username = ''' + TextBoxUsername.Text.Trim.ToUpper + '''';
  if (Recs.RecordCount = 0) then begin
    LiteralInfo.Text := 'Username "' + TextBoxUsername.Text.Trim + '" not found. Please try again.';
  end else if Recs.Fields['Password'].Value.ToString.Equals(TextBoxPassword.Text) then begin
    System.Web.Security.FormsAuthentication.RedirectFromLoginPage(Recs.Fields['FirstName'].Value.ToString, CheckBoxRemember.Checked);
  end else begin
    LiteralInfo.Text := 'Invalid password. Please try again.';


Page_Load just sets up default login information in the editboxes but you could retrieve them from a cookie or from some other source. All other methods except ButtonSubmit_Click and Page_Load were created by D8, btw. And in ButtonSubmit_Click I know the user clicked on Logon so I check his credentials there.
At that point, you could connect to another server like I connected to a database. The NewConnection() and NewRecordset() are just two simple functions I created to connect to an Access database with the user information.
However, you do have to keep in mind that your web application must have access rights to connect to the second server, else IIS will just block it. (And this too is a limitation of my own webserver, since it doesn't allow webapps to connect to other locations on the Internet.)

Basically, you get:
Client logs in [username, password]
Server 1 forwards [username, password]
Server 2 validates [username, password]

And if the data is valid, we continue with:
Server 2 validated ok [username]
Server 1 Authenticates [username]
Client is logged on.

If invalid, we get this:
Server 2 reports error
Server 1 returns error
Client is NOT logged in and has to try again.

Notice that if the user fails, the form is just re-used but LiteralInfo gets some value that is displayed to the user. It could be made even more complicated but hey, it was my first test 5 months ago and I've forgotten most about it again since I returned to Delphi 5 at work. (And Delphi 7 at home.) I like Delphi 8 yet am not too comfortable about it yet.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
mersanAuthor Commented:
I will test this first thing tomorrow.
mersanAuthor Commented:
I tested it, but I cannot make it work. I will not communicate with my webserver.

Never mind, I will try to make it work.

It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.