I want to download a file from server using https protocol I am using NSUrlConnection but that would not work.any sample code is appreciated
I'd recommend using ASIHTTPRequest which is a great library for handling web services. You can of course roll your own with NSURLConnection, but the advantage of the library is that it handles all the authentication and certificate issues that can arise and generally gives you a more robust and generic solution.
Post some code if you'd rather not use the library, I suspect it might be you are accessing a site that doesn't have a fully valid certificate as IIRC the default behaviour of the iOS is to reject the certificates unless you explicitly allow them as this is the more secure option.
Checkout ASIHTTPRequest
,Use it for network related stuff. Really useful.
Related
I am facing a challenge to upload & download data, to and from the server using RESTful web services.
Is it possible to use a RESTful service client, if possible any way to achieve that in an iOS app to send data to the service.
#Ajay: As Claus mentioned there are number of public frameworks/wrappers are there, you can use them for RESTful service interaction from your code. The one I frequently use is ASIHttpRequest, quite handy and easy to use. There are enough examples out there with ASIHttpRequestyou can use it as reference.
Let me know if that helps.
You question is not clear. Do you need to push data from the server to the iOS app using a REST service?
If so, REST does not provide an interface for push. (It only provides a client->server Create/Read/Update/Delete API).
Take a look at ASIHTTPRequest or use RestKit for some more advanced stuff!
RestKit works really nice!
been wrestling with this for some time. I am trying to access a REST api on my iphone and came across the ASIHTTP framework that would assist me. So i did something like
//call sites, so we can confirm username and password and site/sites
NSURL *url = [NSURL URLWithString: urlbase];
ASIHTTPRequest *request = [[[ASIHTTPRequest alloc] initWithURL:url] autorelease];
[request setUsername:#"doronkatz%40xx.com" ];
[request setPassword:#"xxx"];
Where urlbase is a url to a REST site.
Now, a developer has told me there might be an issue or bug with this framework, and its not passing headers correctly. Is there another way of testing or accessing with authentication a network REST location?
I would recommend checking out RestKit: http://restkit.org/ It provides an excellent API for accessing RESTful web services and representing the remote resources as local objects, including persisting them to Core Data. HTTP authentication is supported out of the box.
I'm new to iOS development and I've been battling with some of the big frameworks listed on this page for the past month or so. It has been a nightmare. I'd honestly recommend you just stick to the basics and do it yourself using AFNetworking or Apple's own NSURLConnection.
One of the libraries listed is no longer maintained. Another underwent huge code-breaking API changes recently and now half of the tutorials describing its use no longer work. Others are massively bloated.
It's easier than you'd think. Some resources that helped me:
http://blog.strikeiron.com/bid/63338/Integrate-a-REST-API-into-an-iPhone-App-in-less-than-15-minutes
http://www.slideshare.net/gillygize/connecting-to-a-rest-api-in-ios
The examples on the AFNetworking homepage alone may get you 80% of the way there.
UPDATE: The Mantle Framework (open sourced by Github Inc.) is well-designed and easy to use. It handles object mapping: converting a JSON NSDictionary to your own custom Objective-C model classes. It handles default cases sensibly and it's pretty easy to roll your own value transformers, e.g. from string to NSURL or string to your custom enum.
I have a couple of apps using a framework called Objective Resource which provides a wrapper for accessing remote REST based api's. It is aimed primarily at Ruby on Rails based applications so it's XML/JSON parsing may be tuned to handle some Rails defaults but it is worth looking at. It supports http basic authentication by default.
Just stumbled on this question - you might find LRResty pretty interesting as it uses NSOperation, blocks etc., see: GitHub for source (MIT license). I'm experimenting with it now - it has a sample app too.
I've used ASIHTTP in two apps so far and have had no problems.
Looks like you're doing HTTP Basic Auth with the remote site. Try hitting the same REST URL from a standard browser and pass the params you need down to it. It should prompt you for username/password. If it makes it through, then at least you know the server-side is set up to handle requests. If it doesn't, then you need to have a talk with the dev.
The next thing to try is put a Mac-based network sniffer and see what headers are going back and forth. Any of HTTPScoop, Wireshark, or Charles should work. Run the sniffer as a network proxy then run your app in the simulator and watch what goes across. Try it again with the browser. Once you see the differences, you can use the addRequestHeader method on ASIHTTPRequest to add any specific headers the server expects.
We are a .Net shop that has standardized on WCF Services. We are in the processs of developing an iPhone application that needs to make secure web services calls to obtain data for the app. To ensure secure communiations we have enabled SSL on our web servers. But this does not ensure the service can only be consumed by authorized apps. We have configured our services to support x509 certificate authentication. Is it even possible to call a secure WCF service with certifcate authentication from an IPhone app?
I have spent many hours searching the internet for examples but to no avail. I HAVE been able to successfuly call an un-secure WCF service with no issues. I have also done a lot of research on the WS-Security and WS-Trust communications standards. I believe I understand how this should work. I am just having trouble piecing together the steps/objects within the iPhone frameworks I need to make this work.
Any thoughts and ideas on the subject would be greatly appreciated.
Also, any thoughts on any of the following:
How best to deploy the P12 certifcate file with the iPhone application
How best to secure the password for the P12 file within the app
Is deploying the P12 file with the app a best practice
Are there facilties within the iPhone frameworks to support this kind of secure communication? If not, what would be an alternative recommendation.
For starters, I'd say if you are really serious about security please dedicate the proper time and resources to it and treat it like a first class citizen in your feature list. Don't just "turn on SSL" and pretend things are secure. I'm not suggesting you are doing this or not doing this, but I just feel like I have to say it before proceeding.
That said, you probably already know that WS-* is all built on top of http requests, and any time you are doing loads of http requests, you'll probably find ASIHTTPRequest very helpful on the iPhone. However, that will not get you 100% of the way there.
From the iPhone's perspective you have:
The URL loading system, which is a high level API for dealing with network resources of any kind
The CFNetwork C API which is lower-level and allows you a great deal more control of encrypting streams and network traffic any way you see fit
The Certificate, Key, and Trust Services that do the heavy lifting, and more specifically the X509 trust policies
On Macs you get to use Secure Transport, but as far as I know they haven't ported that to the device so I wouldn't get too distracted reading up on that unless you are planning on bringing this to the desktop or are just in the mood to learn everything :)
If you are doing any security with WCF, the first thing you probably realized is that there are many options available to you, but it all boils down to this short list:
Transport layer security (https) with clear text messages (xml/json/...)
Message layer security (encrypted message body) over an open transport (http)
Secured messages over a secured transport
The last time I was doing WCF (about a year ago) the general recommendation from Microsoft seemed to be Message layer security over an open transport because of firewall / accessibility issues introduced when trying to secure the transport. However, this approach assumed that all parties involved were .NET / WCF capable. I believe it would be easier to consume on the device if it were an HTTPS transport level security, with clear XML or JSON message bodies. That way you can take advantage of all the stuff baked into CFNetwork and NSHTTPRequest that Apple has done.
Once you get something working, you'll want to refer to the Enterprise Deployment Guide, and specifically the documentation on Over-the-Air Enrollment so that you can install the certificates on the devices. Remember, anything is possible, and don't be afraid to use one of those Apple support tickets that come with the program :)
EDIT:
I completely forgot to mention the GenericKeychain and CryptoExcercise examples
EDIT 2:
After I got downvoted for no apparent reason I re-read my response and realized I rambled a bit too much without actually answering your question about how to open a p12 file on the device. You ought to be able to simply [[UIApplication sharedApplication] openURL:urlToP12FileEitherLocalOrRemote]] and have it kick out to the OS for the installation procedure.
You can also use ssl + user/pass authentication at the message level.
Generally, if you want to install certificates on the iPhone, there are two options I have found (both of them from here):
Email the certificate to the recipient. If it is a valid certificate and the headers in the email are in order, then it will allow the recipient of the email to install the certificate. The problem here of course is a man-in-the-middle attack.
Use the iPhone enterpirse configuration utlity.
That should get you part of the way there (installing the certificate locally). I should note that in general, you don't want to install one certifiate for the entire application, but have separate certificates for your users. As a general practice, authenticating the application is a very bad thing, whereas you should be authenticating the user.
However, if you are authenticating the user already, then this shouldn't be an issue, as using basic authentication over HTTPS would work just as well (and easier to code).
I agree with Yaron Naveh's solution too, probably the best bet is to use SSL. I believe SSL/TLS encryption is better performance wise than message/XML based encryption in WCF too.
I think the certificate would probably need to be from a trusted CA (certificate authority) for this to work though. From memory, I had difficulty with the iPhone SDK with self-signed certificates, but that may well have changed in the last year...
An iPhone should be able to access a Certificate-secured WCF application. If you make your WCF service a RP of Azure ACS it should work using OAuth among other methods.
Take a look at the samples here for more: http://acs.codeplex.com/
I'm working on an iPhone project that needs to receive data from a PHP script during execution. My first thought was to use sockets/streams on either end to connect the two, but I am having trouble finding information on how to do this from the iPhone side.
Has anyone been down this path that could point me towards some useful resources or offer some advice? The official documentation seems to be geared more towards desktop apps and uses code that doesn't seem to be supported on the iPhone (namely NSHost).
Update: The intended use of this app is to receive log messages from an executing script, so I can't use a simple HTTP request with JSON or XML. Many cases will involve the page being loaded by another client, where the script would relay/push log messages to the iPhone.
Polling is evil. You'll chew through batteries doing that.
You might consider running an HTTP server on the iPhone. Check out this blog post; it has an implementation of an HTTP server in Cocoa as well as example code for using it for two-way communication.
The PHP CURL library (can't link it because the site doesn't trust me yet, just search php.net for it) is a (relatively) simple, easy way to make http requests with a PHP script.
Why don't you just use HTTP? Create an ad-hoc protocol with XML or JSON, use POST for upstream data transmission. I'm a fan of JSON for this sort of thing, personally. The PHP, instead of returning a webpage in HTML for rendering, should just return your data in a JSON format.
I'm thinking about creating an application for the iPhone and Android that will need to access a common backend to retrieve account information. Can both access a web service over https? What other way would allow me to have one interface to the backend that is accessible by both?
They both work over http and https which is a common enough protocol. I would suggest you go with a RESTful web service so you expose your service via URI's like http://www.myservice.com/weather/zip/98007 which would return an XML blob that can be parsed by the client.
if you are starting from nothing, i'd definitely go with RESTful service that returns/accepts JSON... there are plenty of libraries for both platforms that will accept JSON and turn it into arrays and dictionaries.
I'd recommend using a RESTful web service backend, which is all standard HTTP and/or HTTPS. If you can use Ruby on Rails, its default scaffolding will get you about 99% of the way there and for the iPhone there is an open source project called ObjectiveResource that will automate your communication with this Rails backend. I haven't investigated yet what options are available on Android but since it is all simple HTTP it should be straightforward. I am not the maintainer of ObjectiveResource but I have contributed some code. You can check it out here:
http://iphoneonrails.com
One good approach I have seen used with other services is to write the backend in such a way that it can feed data back in different types - for Android an XML response is best, but for the iPhone sending back plist data is preferred (though it can also work with XML if required). In both cases it's easier to simply POST updates back to the server than to wrap an update in XML.
Both platforms should be able to use whatever form of authentication you wish to use, the iPhone I know supports all methods of HTTP authentication.