I'm trying to send out a very simple ASIHTTPRequest with https. Although I have set the validatesSecureCertificate flag to "NO", I still get an odd response for my request:
A connection failure occurred: SSL problem (Possible causes may include a bad/expired/self-signed certificate, clock set to wrong date)
The code I am using is pretty straightforward, I am removing the actual parameters for security reasons:
NSURL *url = [NSURL URLWithString:#"https://secured.cet.ac.il/KotarServices/getMyBooks.aspx?username=xxxxxxxx&password=xxxxx&packageid=x"];
ASIHTTPRequest *request = [ASIHTTPRequest requestWithURL:url];
[request setDidFailSelector:#selector(getMyBooksFailedWithError:)];
[request setDidFinishSelector:#selector(getMyBooksFinishedWithResult:)];
[request setDelegate:self];
[request setValidatesSecureCertificate:NO];
[request startAsynchronous];
Digging deeper into the code, I see that the request fails on a "-9807" error code, which is related only to the operating system and has nothing to do with the server I am interacting with (SecureTransport.h maps this out to be "invalid certificate chain"). Any ideas how to overcome this issue? Thanks in advance.
I remember i had a similar problem with a GoDaddy certificate and had to make the following change in ASIHTTPRequest.m, below the comment "Handle SSL certificate settings", inside the if(![self validatesSecureCertificate]), around line 1160:
[sslProperties setObject:(NSString *)kCFBooleanTrue forKey:(NSString *)kCFStreamSSLAllowsAnyRoot];
I ran into this with a GoDaddy certificate I just bought today. One correction to trydis's solution: I think you want this outside the if(![self validatesSecureCertificate]), since you actually want to validate the certificate. As the comment says, stuff inside the if clause "tells CFNetwork not to validate SSL certificates". TBH, I have no idea why the GoDaddy certificate is being interpreted by the client as a root certificate, which is what's necessitating this change in the first place.
Related
I am using ASIHTTPRequest in my IOS application to call a wsdl/SOAP web services. my clients use a security mod ( with his ModSecurity / a PHP code).
i am using this :
NSData *xmlData = // I construct the soap message witk soapui
NSURL *url = [NSURL URLWithString:#"https:myUrlWSDL"];
self.currentRequest = [ASIFormDataRequest requestWithURL:url];
[self.currentRequest appendPostData:xmlData];
[self.currentRequest setDelegate:self];
[self.currentRequest startAsynchronous];
But the server send to me the 400 bed request.
How i can, please, do to call my wsdl/web services with all this security mode ? what are the http headers required to call the web services ? thanks for your answers
i have disabled the secure module. now i have this error :
WSDLSOAP-ERROR: Parsing WSDL: Couldn't load from 'http://...?wsdl' : failed to load external entity "http://...?wsdl"
That's how you use ASI to call a secure connection - you're doing everything correctly.
The problem must be in your code that creates the xmlData - what other error information can you get back from your clients server?
You might also need to add more headers to the request (though thats also something that your clients should be able to tell you) - e.g.
[request addRequestHeader:#"Referer" value:#"http://allseeing-i.com/"];
I am creating an iOS application with a Ruby on Rails backend. I've got my logic setup and working in Rails, and have verified by testing in a web browser. My Rails application will not respond properly to my iOS application, saying something about an authenticity token.
I have setup an authenticity token in application.rb with the following code (I did a server reboot after adding this):
protect_from_forgery :secret => 'some_secret_here'
I'm passing the authenticity token from iOS to Rails with ASIHTTPRequest using the following code:
ASIFormDataRequest *request = [ASIFormDataRequest requestWithURL:url];
[request setPostValue:#"some_secret_here" forKey:#"authenticity_token"];
[request setPostValue:#"some value" forKey:#"some_parameter"];
[request setDelegate:self];
[request startAsynchronous];
Is there anything I'm missing or doing wrong?
This same code works fine with allow_forgery_protection set to false, so I assume the error lies in how I'm trying to pass the authenticity token.
The authenticity token is different for each page/request, so you need to find a way to send it through the pipe some other way.
Maybe try sending it via headers, like so:
class ApplicationController < ActionController::Base
before_filter :send_form_authenticity_token
private
def send_form_authenticity_token
response.headers['X-Authenticity-Token'] = form_authenticity_token
end
end
On the response callback of your first (and following) request(s), you need to do:
NSString *authenticityToken = [[request responseHeaders] objectForKey:#"X-Authenticity-Token"];
This implies that the first request you do is a GET one.
Would be better to have a global state variable, but this is the basic concept.
By the way, and just so you know, you don't need forgery protection if your rails application is just a backend sorts of app.
Forgery protection is there to avoid XSS attacks, and that wouldn't happen on the iPhone.
I am creating my first iPad app. I have a web application that I would like to authenticate against and pull data from in a RESTful way.
If you open up the URL in the browser (https://myapp.com/auth/login), you will get a form to enter your username and password. I was thinking I could set the login credentials in the post data of the request and submit the data.
The site uses HTTPS for login so that credentials aren't passed in plain text over the internet.
How can I make a secure HTTPS connection to pass credentials? Will this remember that I am logged in for future requests? What is the best way to do this?
Further update, October 2013
Although at the time I wrote this answer, ASIHTTPRequest was maintained a widely supported, this is no longer the case. It is not recommended for new projects - instead use NSURLConnection directly, or use AFNetworking.
With AFNetworking, there is a [httpClient setAuthorizationHeaderWithUsername:username password:password]; method for http authentication, and create a POST style form is equally easy - see AFNetworking Post Request for that.
Original answer:
A lot of people use the ASIHTTPRequest class to deal with http & https on the iPhone/iPad, as it has a lot of useful features that are difficult or time consuming to achieve with the built in classes:
http://allseeing-i.com/ASIHTTPRequest/
Starting at the simplest level you'd start with something like:
NSURL *url = [NSURL URLWithString:#"http://allseeing-i.com"];
ASIHTTPRequest *request = [ASIHTTPRequest requestWithURL:url];
[request startSynchronous];
NSError *error = [request error];
if (!error) {
NSString *response = [request responseString];
NSLog(#"response = %#", response);
}
If you're using HTTP authentication, ASIHTTPRequest will automatically prompt the user for the username and password.
IF you're using some other form of authentication you probably need to request the username and password from the user yourself, and submit them as a POST value or a custom http header, and then the response may either include a token in a JSON or XML response, or it could set a cookie.
If you add more details as to how the authentication scheme works I can be a bit more specific.
Update
Based on the update, to emulate a POST form you'd just need to add lines like:
[request addPostValue:usernameString forKey:#"username"];
[request addPostValue:passwordString forKey:#"password"];
You will also need to change the way you create the request, instead of:
ASIHTTPRequest *request = [ASIHTTPRequest requestWithURL:url];
do:
ASIFormDataRequest *request = [ASIFormDataRequest requestWithURL:url];
(I also forget to mention it above, there's code I put earlier is using a synchronous request, so you'd want to replace it with an asynchronous one to avoid blocking the UI once you'd proved it was working.)
There's a JSON framework for the iphone here:
http://code.google.com/p/json-framework/
which works well for me and is simple to use with ASIHTTPRequest.
I need to login here. I've tried the ASIHTTPRequest and ASIFormDataRequest.
None of them works as expected. I only got the data from the loginpage in the response string, not the data from the secure area.
What am I doing wrong here?
ASIFormDataRequest *request = [ASIFormDataRequest requestWithURL:[NSURL URLWithString:#"https://www.blau.de/"]];
[request setPostValue:#"USERNAME" forKey:#"quickLoginNumber"];
[request setPostValue:#"PASSWORD" forKey:#"quickLoginPassword"];
[request startAsynchronous];
There are a couple of good tools you can use to try to debug this. In all likelihood there is a 302 redirect after logging in. You can watch for that (among other conditions) using tools such as:
HTTPScoop (worth the $15 bux): http://www.tuffcode.com/
Live Headers (a free FireFox plugin): https://addons.mozilla.org/en-US/firefox/addon/3829/
Keep in mind that what you're trying to do is not simple. I've gotten it to work with some sites, but not others and the reasons for one or the other can be quite elusive.
Hi I am currently designing my second iphone app, and having a small issue.
I have the location code working correctly but I have no idea how to send the label with the location info to my server.
I was wondering and hoping someone might be able to help.
Thanks
Russell
That would depend entirely on what your PHP script expects to receive. Your most obvious choices would be to put the coordinates in the query string or in a POST request.
Use ASIHTTPRequest for http requests. http://allseeing-i.com/ASIHTTPRequest/
ASIFormDataRequest *request = [ASIFormDataRequest requestWithURL:url];
[request setPostValue:#"Josh" forKey:#"first_name"];
[request setPostValue:#"Highland" forKey:#"last_name"];
[request start];