TIWAutherList  //通过一组户名与密码验证登陆TIWAutherINI   //通过记录户名与密码信息的 #Auth.ini 文件验证登陆TIWAutherEvent //通过其 OnCheck 事件验证登陆{作为站点级的验证, 验证控件应该是放在 ServerController 的窗体上, 并与其 Auther 属性关联.}

property List: TStrings	//户名与密码表; 每行按 User=Pass 的格式输入property AutherPolicy: TAutherPolicy //该属性有两个选项 apRestrictAll(默认)、apRestrictNone(选这个表示不执行验证)property OnAuthenticate: TOnAuthenticate //验证成功后执行的事件 

{在 ServerController 的窗体上放置 IWAutherList1, 然后双击该窗体(激活其 OnCreate 事件)}procedure TIWServerController.IWServerControllerBaseCreate(Sender: TObject);begin  Self.Auther := IWAutherList1;  IWAutherList1.List.Add(‘aaa=111‘);  IWAutherList1.List.Add(‘bbb=222‘);  IWAutherList1.List.Values[‘ccc‘] := ‘333‘;end;{这就好了, 如果在设计时完成上面工作会更方便}

property AutherPolicy: TAutherPolicy //property OnAuthenticate: TOnAuthenticate //{它需要的 ini 文件须命名为 #Auth.ini(它会保证不被用户读取, 应该使用 UTF8 格式保存), 并且和程序文件放在同一目录(而非 wwwroot 下)}{其格式规范:--------------------[户名1]Password=密码1[户名2]Password=密码2...------------------------------}{建好文件, 放对地方, 再关联上 Auther 属性就可以了}

property AutherPolicy: TAutherPolicy //property OnCheck: TOnCheck		 //就是在该事件中验证; 假如要从数据库验证就应该用这种方法property OnAuthenticate: TOnAuthenticate //{更多时候可能需要把验证函数写在 UserSessionUnit 单元(譬如通过数据库验证时), 这时应该保证 IWServerController.AuthBeforeNewSession = False(这也是默认值)}

{IWAutherEvent1 的 OnCheck 事件}function TIWServerController.IWAutherEvent1Check(const aUser, aPass: string): Boolean;begin  Result := aPass = aUser + ‘123‘; //假如密码是: 用户名+123end;{需要保证关联到 Auther 属性}procedure TIWServerController.IWServerControllerBaseCreate(Sender: TObject);begin  Auther := IWAutherEvent1;end;

{UserSessionUnit.pas}unit UserSessionUnit;interfaceuses  IWUserSessionBase, SysUtils, Classes;type  TIWUserSession = class(TIWUserSessionBase)  private  public    function MyCheck(const AUser, APass: string): Boolean;  end;implementation{$R *.dfm}{ TIWUserSession }function TIWUserSession.MyCheck(const AUser, APass: string): Boolean;begin  Result := APass.ToLower = AUser.ToLower + ‘123‘;end;end.{-------------------------------------------------}{ServerController.pas, 有注释的是自己添加的代码}unit ServerController;interfaceuses  SysUtils, Classes, IWServerControllerBase, IWBaseForm, HTTPApp,  UserSessionUnit, IWApplication, IWAppForm, IW.Browser.Browser, IWAutherEvent, IWAutherINI, IWAutherBase, IWAutherList;type  TIWServerController = class(TIWServerControllerBase)    IWAutherEvent1: TIWAutherEvent;    procedure IWServerControllerBaseNewSession(ASession: TIWApplication);    procedure IWServerControllerBaseCreate(Sender: TObject);    function IWAutherEvent1Check(const aUser, aPass: string): Boolean;  private  public  end;function UserSession: TIWUserSession;function IWServerController: TIWServerController;implementation{$R *.dfm}uses  IWInit, IWGlobal;function IWServerController: TIWServerController;begin  Result := TIWServerController(GServerController);end;function UserSession: TIWUserSession;begin  Result := TIWUserSession(WebApplication.Data);end;{IWAutherEvent1 的 OnCheck 事件, 调用 UserSessionUnit.TIWUserSession 的验证函数}function TIWServerController.IWAutherEvent1Check(const aUser, aPass: string): Boolean;begin  Result := UserSession.MyCheck(aUser, aPass);end;{OnCreate 事件, 这个关联可以在设计时做}procedure TIWServerController.IWServerControllerBaseCreate(Sender: TObject);begin  Auther := IWAutherEvent1;end;procedure TIWServerController.IWServerControllerBaseNewSession(ASession: TIWApplication);begin  ASession.Data := TIWUserSession.Create(nil, ASession);end;initializationTIWServerController.SetServerControllerClass;end.