I am using the new Basecamp API for my iOS basecamp client app. I want the user to be able to logout and switch accounts. But I can't as the account credentials stored in the browser cache are used every time I request authorization.
I figured out I would need to flush browser cache to do this. How do I clear the browser cache?
[[NSURLCache sharedURLCache] removeAllCachedResponses];
After that, you can deleting any associated cookies with in the UIWebView:
for(NSHTTPCookie *cookie in [[NSHTTPCookieStorage sharedHTTPCookieStorage] cookies]) {
if([[cookie domain] isEqualToString:someNSStringUrlDomain]) {
[[NSHTTPCookieStorage sharedHTTPCookieStorage] deleteCookie:cookie];
}
}
Related
I have made a simple SharePoint client App for iPhone, which require access to some SharePoint web services (mainly /_vti_bin/Lists.asmx). I am having a trouble figuring out how to do this on newer SharePoint environment such as Office365.
With old BPOS environment having forms-based authentication, I was able to authenticate to those services by simply implementing didReceiveAuthenticationChallenge method;
-(void)connection:(NSURLConnection *)connection didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge {
NSURLCredential *newCredential = [NSURLCredential credentialWithUser:username
password:password
persistence:NSURLCredentialPersistenceForSession];
[[challenge sender] useCredential:newCredential
forAuthenticationChallenge:challenge];
}
This obviously didn't work any more with SharePoint sites having claims authentication, so I did some research and found out that I need FedAuth cookies to be attached to the request.
http://msdn.microsoft.com/en-us/library/hh147177.aspx
According to this article, with .NET Apps, it seems possible to retrieve those HTTPOnly FedAuth cookies using WININET.dll, but I guess that's not available on iPhone?
Then, I saw SharePlus App presenting UIWebView and getting user to login to their Office365 account first on the browser screen (which is the same concept as explained in "Enabling User Login for Remote Authentication" section of the article above).
So, I tried to see if I can somehow get access to those FedAuth cookies by logging into Office365 account via UIWebView, but [[NSHTTPCookieStorage sharedHTTPCookieStorage] cookies] did not let me access HTTPOnly cookies.
Is there a way to achieve claims authentication on iPhone apps without needing designated intermediate .NET service for handling authentications, or requiring user to turn off HTTPOnly property on those cookies?
Sorry, I am very new to SharePoint so I may not even be looking at the right direction, but I would appreciate any advise on getting claims authentication to work on iPhone apps. Thanks in advance!
I've figured this out myself. Had to laugh at my own stupidity and impatience.
First of all, [[NSHTTPCookieStorage sharedHTTPCookieStorage] cookies] DO let you access HTTPOnly cookies. Though, when user logs into Office 365 on the UIWebView, (void)webViewDidFinishLoad:(UIWebView *)webView delegate method get called several times so you just need to wait until FedAuth appears in the cookies jar.
Here is my (void)webViewDidFinishLoad:(UIWebView *)webView implementation;
- (void)webViewDidFinishLoad:(UIWebView *)webView {
NSHTTPCookieStorage *storage = [NSHTTPCookieStorage sharedHTTPCookieStorage];
NSArray *cookiesArray = [storage cookies];
for (NSHTTPCookie *cookie in cookiesArray) {
if ([[cookie name] isEqualToString:#"FedAuth"]) {
/*** DO WHATEVER YOU WANT WITH THE COOKIE ***/
break;
}
}
}
Once you have obtained the cookie, you just need to append that to the NSURLRequest using (void)setAllHTTPHeaderFields:(NSDictionary *)headerFields method when you call SharePoint web services.
Hope this helps someone.
From googling a bit, the answer to my question is "yes". But how do I test that?
I tried to inpsect the HTTP request headers (i.e. [request allHTTPHeaderFields]) in webView:shouldStartLoadWithRequest:navigationType:, but none of the request has the "Cookie" entry, even though cookies are successfully stored in [NSHTTPCookieStorage sharedHTTPCookieStorage].
try this to loop through all the cookies in the UIWebView to verify they are there
NSHTTPCookie *aCookie;
for (aCookie in [[NSHTTPCookieStorage sharedHTTPCookieStorage] cookies]) {
NSLog(#"%#", aCookie);
}
I am using async NSURLConnection to connect to a web site from iPhone. Handle didReceiveResponse is activated on response and I am trying to get all cookies, by using allHeaderFields from NSHTTPURLResponse
I see many hreader, but no Set-Cookie - it looks like iphone simulator just ignores them...
And I am sure cookies are present in response - network monitor shows they present
I do not use any http storage - all that I am trying to do is to print to log all header - and do not see cookies info
Does anybody know about this issue?
UPDATE
I have made some research: if my website returns custom header, like "Custom-Header: value" - then this header is visible in java client, but is not in iphone...
thanks
Try to look for it in the shared HTTP cookies storage:
for (NSHTTPCookie *cookie in [[NSHTTPCookieStorage sharedHTTPCookieStorage] cookies])
{
NSLog(#"name: '%#'\n", [cookie name]);
NSLog(#"value: '%#'\n", [cookie value]);
NSLog(#"domain: '%#'\n", [cookie domain]);
NSLog(#"path: '%#'\n", [cookie path]);
}
or if working in Swift:
for cookie in HTTPCookieStorage.shared.cookies!
{
NSLog("name: \(cookie.name)")
NSLog("value: \(cookie.value)")
NSLog("domain: \(cookie.name)")
NSLog("path: \(cookie.path)")
}
Try this: in your NSMutableURLRequest, you should tell it to handle cookies:
[request setHTTPShouldHandleCookies:YES];
I don't know if it matters in apps, but what is your Accept Cookies setting for Safari in the Settings app. See if changing to Always matters.
According to some sites I've seen, a complete reboot of the iPhone is required for this setting to have any effect.
I'm trying to play/stream a mp3 hosted on a website. The site requires a cookie header to be set, but I'm having trouble setting that or getting the container to do that for me.
NSURL *sampleUrl = [NSURL URLWithString:#"http://domain/files/sample.mp3"];
NSData *sampleAudio = [NSData dataWithContentsOfURL:sampleUrl];
Up until this point, I've been using jQuery to do/manage XMLHTTPRequests, but I've had to call into native code to stream the audio. It doesn't look like the cookie is getting picked up by the native HTTP request.
Is there anyway to inject the cookie into the above request, or otherwise ensure that a cookie gets added against a given domain?
Thanks
Ok, so the way to do this is not injecting headers but setting a cookie manager to always accept cookies. This will then pass on the cookie to subsequent requests.
NSHTTPCookieStorage *cookieStorage = [NSHTTPCookieStorage sharedHTTPCookieStorage];
[cookieStorage setCookieAcceptPolicy:NSHTTPCookieAcceptPolicyAlways];
Robbie
Can an iPhone application read cookies previously stored by Safari Mobile?
To actually answer your question:
No.
Mobile Safari's cookies are not accessible from SDK apps. And each SDK app is given its own WebKit cache and cookie stores, so while cookies will persist within the same app, they aren't accessible betweeen apps.
As of iOS 9 this is possible!
Use a sfSafariViewController.
You will need to setup:
A custom URL scheme in your app to receive cookie data.
The website you are getting cookies from will need to implement an API specific your app's custom URL scheme, to redirect back to your app.
You can clone this repo which has a fully working demo of this.
Hope this helps,
Liam
There is actually an interesting way if you have access to a server url.
In your app launch the server url with mobile safari.
The target server url reads the cookie and redirects back to an app specific url (myapp://cookie=123)
The app is then switched back and you can read that value from the url handler
It's a little hacky as the app would switch mobile safari and then immediately switch back to the app. But, it is possible.
Note that on iOS 8, you're probably better using Safari Password Sharing to solve some of the use cases that give rise to this problem.
This is not directly possible, but with the cooperation of the web site it is possible.
To clarify, the user case is that an Objective C application wants to read the value of a cookie that has been set by a website in mobile safari. (ie. in particular, a UIWebView was not involved in setting the cookie)
Your app should do this:
Launch mobile safari, using [[UIApplication sharedApplication] openURL:url];
The URL should be a special one, eg. http://yourwebsite.com/give-ios-app-the-cookie
On your website, when that url is launched, issue a redirect to your-app-url-scheme:cookievalue= (eg. angrybirds:cookievalue=hh4523523sapdfa )
when your app delegate receives - (BOOL)application:(UIApplication *)application openURL:(NSURL *)url sourceApplication:(NSString *)sourceApplication annotation:(id)annotation process the url to get the cookie value
Note that you should not do this automatically when the application starts - the user will see the transfer to Mobile Safari and back, which is not a good user experience and Apple will reject your app (Apple also consider this to be "uploading user's personal data to server without their prior consent"). It would be better to do it in response to the user, paying attention to the user experience - eg. wait for the user to hit a "login" button, then do it, and if the user is not logged into your website, http://yourwebsite.com/give-ios-app-the-cookie should show the user the login screen within safari. If the user is logged in you could briefly show a "Automatically logging you in..." screen for a second or two in Safari before redirecting the user back.
There's no way to get this to work with hotmail/gmail/etc of course - it needs to be your own website.
Credit goes to Unique Identifier for both mobile safari and in app in iOS for suggesting this kind of approach.
Because of sandboxing on the iPhone you don't have access to Safari's cookies. You can only access cookies created within your application - by an UIWebView for example.
Although you have asked the same question twice before, here's one approach not yet mentioned...
This may be a little convoluted, but you can do Greasemonkey-esque things with a UIWebView. Something like this:
Load your target page
craft some javascript which will read the document.cookie and return the data you need
In the webViewDidFinishLoad delegate, inject this javascript into the UIWebView with the stringByEvaluatingJavaScriptFromString message
I've used this technique to enhance 3rd party pages in an iPhone app, but I'm not sure if it will read cookies from the same place as Safari mobile.
Worth a shot though?
Here's my utils get/set cookie methods.
+(void)setCookie:(NSString *)key withValue:(NSString *)value {
NSArray *keys = [NSArray arrayWithObjects:
NSHTTPCookieDomain,
NSHTTPCookieExpires,
NSHTTPCookieName,
NSHTTPCookiePath,
NSHTTPCookieValue, nil];
NSArray *objects = [NSArray arrayWithObjects:
#"YOURDOMAIN",
[NSDate distantFuture],
key,
#"/",
value, nil];
NSDictionary *dict = [NSDictionary dictionaryWithObjects:objects forKeys:keys];
NSHTTPCookie *cookie = [NSHTTPCookie cookieWithProperties:dict];
NSHTTPCookieStorage *sharedHTTPCookieStorage = [NSHTTPCookieStorage sharedHTTPCookieStorage];
[sharedHTTPCookieStorage setCookie:cookie];
}
+(NSString *)getCookie:(NSString *)key {
NSHTTPCookieStorage *sharedHTTPCookieStorage = [NSHTTPCookieStorage sharedHTTPCookieStorage];
NSArray *cookies = [sharedHTTPCookieStorage cookiesForURL:[NSURL URLWithString:#"YOURDOMAIN"]];
NSEnumerator *enumerator = [cookies objectEnumerator];
NSHTTPCookie *cookie;
while (cookie = [enumerator nextObject])
{
if ([[cookie name] isEqualToString:key])
{
return [cookie value];
}
}
return nil;
}
You might want to check
if ([[NSHTTPCookieStorage sharedHTTPCookieStorage] cookieAcceptPolicy] != NSHTTPCookieAcceptPolicyAlways) {
[[NSHTTPCookieStorage sharedHTTPCookieStorage] setCookieAcceptPolicy:NSHTTPCookieAcceptPolicyAlways];
}
But apparently NSHTTPCookieStorage does not even hold cookies from the last request in the current application on iOS (rdar://8190706)