Delphi 如何清除Indy TIdHTTP基本身份验证凭据？

我正在使用Indy TIdHTTP进行基本身份验证的get请求

代码工作正常，但如果用户使用正确的登录密码重新键入凭据并再次发送请求，则在第一次401之后，TIDWTTP不会清除基本身份验证凭据。用户必须登录两次才能授权

用户操作顺序：

第一步。用户类型错误登录密码：ResponseCode=401

第二步。用户类型权限登录密码：ResponseCode=401

第三步。用户类型右登录密码：ResponseCode=200

我认为第二步的结果是一个bug。我该怎么办

简单代码：

var
IdHTTP1: TIdHTTP;

fLogin : string;
fPassword : string;

/// ...

if ( fLogin <> '' ) and ( fPassword <> '' )
  then
    begin
    if ( IdHTTP1.Request.Username <> fLogin )
        or
       ( IdHTTP1.Request.Password <> fPassword )
      then
        begin  
          IdHTTP1.Request.BasicAuthentication := True;
          IdHTTP1.Request.Username := fLogin;
          IdHTTP1.Request.Password := fPassword;
        end;

      s := IdHTTP1.Get( 'some_url' );          
      response_code := Idhttp1.response.ResponseCode;

      case response_code of
        200:
          begin
               // parse request data
          end;
        401 : Result := nc_res_Auth_Fail;
        else Result := nc_res_Fail;
       end;
end;

---

您应该在更改之前清除身份验证

  if Assigned(IdHTTP1.Request.Authentication) then
    begin
      IdHTTP1.Request.Authentication.Free;
      IdHTTP1.Request.Authentication:=nil;
    end;

或者你可以这样改变它

  if Assigned(IdHTTP1.Request.Authentication) then
    begin
      IdHTTP1.Request.Authentication.Username:=...;
      IdHTTP1.Request.Authentication.Password:=...;
    end else
    begin
      IdHTTP1.Request.BasicAuthentication:=True;
      IdHTTP1.Request.Username:=...;
      IdHTTP1.Request.Password:=...;
    end;

---

您应该在更改之前清除身份验证

  if Assigned(IdHTTP1.Request.Authentication) then
    begin
      IdHTTP1.Request.Authentication.Free;
      IdHTTP1.Request.Authentication:=nil;
    end;

或者你可以这样改变它

  if Assigned(IdHTTP1.Request.Authentication) then
    begin
      IdHTTP1.Request.Authentication.Username:=...;
      IdHTTP1.Request.Authentication.Password:=...;
    end else
    begin
      IdHTTP1.Request.BasicAuthentication:=True;
      IdHTTP1.Request.Username:=...;
      IdHTTP1.Request.Password:=...;
    end;

您应该为每个请求设置Request.UserName和Request.Password属性，然后在服务器请求时使用OnAuthorization事件检索新凭据，例如：

procedure TSomeClass.HttpAuthorization(Sender: TObject; Authentication: TIdAuthentication; var Handled: Boolean);
begin
  if GetNewCredentials() then
  begin
    Authentication.UserName := ...;
    Authentication.Password := ...;
    Handled := True;
  end;
end;

//...

var
  IdHTTP1: TIdHTTP;
  fLogin : string;
  fPassword : string;

// ...

  IdHTTP1.OnAuthorization := HttpAuthorization;

  IdHTTP1.Request.BasicAuthentication := True;
  IdHTTP1.Request.Username := fLogin;
  IdHTTP1.Request.Password := fPassword;

  s := IdHTTP1.Get( 'some_url' );          
  response_code := IdHTTP1.Response.ResponseCode;

  case Response_Code of
    200:
      begin
        // parse request data
      end;
    401 : Result := nc_res_Auth_Fail;
  else
    Result := nc_res_Fail;
  end;
end;

TIdHTTP将在内部继续重新尝试登录，每次触发授权，直到服务器停止发送401回复或到达TIdHTTP.MaxAuthRetries，以先到者为准。

您应该设置每个请求的Request.UserName和Request.Password属性，然后，如果服务器请求，则使用OnAuthorization事件检索新凭据，例如：

procedure TSomeClass.HttpAuthorization(Sender: TObject; Authentication: TIdAuthentication; var Handled: Boolean);
begin
  if GetNewCredentials() then
  begin
    Authentication.UserName := ...;
    Authentication.Password := ...;
    Handled := True;
  end;
end;

//...

var
  IdHTTP1: TIdHTTP;
  fLogin : string;
  fPassword : string;

// ...

  IdHTTP1.OnAuthorization := HttpAuthorization;

  IdHTTP1.Request.BasicAuthentication := True;
  IdHTTP1.Request.Username := fLogin;
  IdHTTP1.Request.Password := fPassword;

  s := IdHTTP1.Get( 'some_url' );          
  response_code := IdHTTP1.Response.ResponseCode;

  case Response_Code of
    200:
      begin
        // parse request data
      end;
    401 : Result := nc_res_Auth_Fail;
  else
    Result := nc_res_Fail;
  end;
end;

TIdHTTP将在内部继续重新尝试登录，每次都触发OnAuthorization，直到服务器停止发送401回复或到达TIdHTTP.MaxAuthRetries，以先发生的为准