The TScSASLMechanism class implements the SASL mechanism (Simple Authentication and Security Layer) for authentication in various protocols.

The SASL mechanism is supported by the SMTP, POP3, IMAP, and other application protocols.

TScSASLMechanism is an abstract base class that provides methods for authentication. The methods should be overridden in descendant classes.


The SASL authentication flow is as follows.

Some protocols support the Initial Client Response mechanism, which allows to start the authentication process after receiving initialized data from server, without first sending the name of a SASL mechanism. For such protocols, the TryStartAuthenticate method is invoked, and the result is returned to the SASL server.  

If a protocol does not support Initial Client Response, an authentication request message containing the name of a SASL mechanism is sent to the server, and if the server supports the mechanism, the StartAuthenticate method is called, which handles the challenge received from the SASL server and returns a response that will be sent to the server.

The server returns a response which is passed to the ContinueAuthenticate method that handles it and returns a response that will be sent to the server.

ContinueAuthenticate can be called in response to each server request until the server confirms successful authorization.


See also










SecureBridge Components, Copyright © 2007-2021 Devart. All Rights Reserved. Provide Feedback Visit Forum Request Support