This is a follow-up question to a prior question of mine. I've come to learn that when using the HTTP username/password parameters in a request, there are 2 different Get requests expected to be sent to the server. The first attempt does not include username/password credentials, but if authentication fails, it then sends another identical request which does include these credentials.
While using Indy's TIdHTTP however, it only sends one request, which fails with Unauthorized. It takes a second identical consecutive request to actually be able to get a response as needed.
I'm wondering, is this by design, or is it a flaw in Indy?
You need to make sure that you:
have the hoInProcessAuth flag enabled in the TIdHTTP.HTTPOptions property.
have either:
a. an OnAuthorization event handler assigned that sets the Authentication.UserName and Authentication.Password parameters, and the Handled parameter to True.
b. a non-blank string assigned to the TIdHTTP.Request.Password property.
any necessary IdAuthentication... unit(s) (such as IdAuthenticationNTLM or IdAuthenticationSSPI), or the IdAllAuthentications unit, specified in your uses clause.
If those conditions are not met, TIdHTTP will not attempt to handle HTTP-based authentication.