I used synchronize method of nsurlconnection for initiating the network connection. Since my system is behind a proxy i want to add the code for challenge response. The problem which i am facing is that the challenge response method is not getting called. is using synchronize method is the problem ?
Do you mean sendSynchronousRequest:returningResponse:error: by "synchronize`?
If so, connection:didReceiveAuthenticationChallenge: is not called for synchronous requests. But you can still provide NSURLCredential / NSURLProtectionSpace and store it into NSURLCredentialStorage before sending the request.
Check Mike's answer here: Can I use NSURLCredentialStorage for HTTP Basic Authentication?
Related
I am building an iPhone app where I would like authenticate with a rails server that uses Authlogic for authentication.
I am okay sending the username/password once but would like to use the persistence_token for auth following that.
I am unable to authenticate with the rails server. What special magic do I need to do to get persistence_token to work? Do I pass it in the header or set it in the cookies? Also do I need to wrap it in user_session?
I am using ASIHTTPRequest to make JSON calls.
Many thanks for the help! I am hoping anyone else who has a similar question in the future will end up saving hours once this question is correctly answered. Also, I realize my understanding of persistence_token might not be correct, in that case, please correct me.
Looks like persistence_token is set in the cookies as user_session=. One could set the cookie for every request, but I am just logging in with ASIHTTP once the client is started. ASIHTTP/NSURL continues to save the cookies for all the recurring calls.
I'm working on a web view that needs to work with only servers I trust (Based on the SSL handshake), and not all of those that Apple approve.
Is there a way to intercept the UIWebView connection so I could control on the request authentication?
When I use the UIWebView method loadRequest: there's no way of getting the SSL challenge (since it's not part of the UIWebViewDelegate protocol).
An alternative is to get the request that the UIWebView is about to send (using the delegate callback webView:shouldStartLoadWithRequest:navigationType:), telling the UIWebView not to load it, and sending the request using NSURLConnection (using its delegation methods for the SSL handshake logic). and when the connection finishes, loading the data it receives into the UIWebView (using the loading method loadData:MIMEType:textEncodingName:baseURL:). This workaround is working for simple sites, but complicated sites (JS, CSS...) might not work.
Thanks!
I had a similar problem of trying to display a web page for which the certificate has expired. I found this post, which showed me how to use a protocol on NSURLRequest, to override the method allowsAnyHTTPSCertificateForHost.
He stresses that this might or might not be accepted by Apple - however for my development this saves me some time.
You may be able to use this technique for your solution.
i am making an app in which there is a need of money transaction...
for this i have to send SOAP xml to server but in secure way....
i have been told that i have to create SSL connection first and then send that soap message.....
I know about SOAP very well but no idea about SSL connection...
please provide some help...
Check out NSURLConnection docs on the apple site: NSURLConnection
EDIT: added more info.
You need to set up authentication. A quick search of SO produced these results:
NSURLConnection SSL HTTP Basic Auth and
HTTPS with NSURLConnection - NSURLErrorServerCertificateUntrusted
You need to set up your server to handle authentication, then issue a challenge to the device. As you can see in the above posts, there is a function: didReceiveAuthenticationChallenge:
You need to use this to handle authentication challenges. You can get a good idea of how to go about it using the above posts.
Your server needs to be set up to handle authentication, as well. I don't know what language you use with your server, but as I use PHP, here is the PHP manual link on authentication:
PHP authentication
It is a tricky thing to do at first, but once you get into it isn't bad (and creating more https connections comes easily). However, writing out everything you would need to do here is a bit much. If you scope out those posts, you can get a general idea about how to go about it. It'll take some working to get it done.
Most often this simply means that you have to send data to an HTTPS endpoint. What this also means is that there is a secure connection (done for you automatically) between the client and the server so that the payload (body) of the message is encrypted rather than transmitted in clear text (which is the case with HTTP).
Basically, most times, it is enough just to make sure you're using HTTPS :)
Have a look at http://en.wikipedia.org/wiki/Secure_Sockets_Layer
I have a query regarding sending secure data over the network in iPhone.
What should be used to secure credit-card, bank acct# etc. information which is sent over wireless network.
Is there any difference in methods if we use a native-app or a web-app?
Are there any direct APIs available for this?
Any tutorial will be really helpful.
Thanks in advance.
EDIT :
So where exactly the certificate/encryption is needed?
Is following procedure correct?
1]Make connection to “https:” web-service using NSURLConnection
2]The server should implement SSL/TLS Server will respond with a digital certificate (*.p12 file)
3]Client side authorization will be done. (Whether the obtained certificate is trusted or
not is checked. If trusted,then we can continue. Otherwise exit gracefully)
4]Now Secure Channel is established. Send the data (Credit card info. etc) to server. Encryption can be done using public/private key pair
I am able to connect to a "http://" SOAP webservice. procedure:
1) Create a SOAP Envelope (With required i/p parameters)
2) Make NSURL Object with required web service addr
3) Initialize 'NSMutableURLRequest' with above url
4) Set parameters for NSMutableURLRequest
5) Initiate 'NSURLConnection' with above request.
After this automatically NSURLConnection methods are called.
Now I want to connect to 'Https://' web-service and send sensitive info to it.
So,what extra needs to be done? Do I need to add extra methods or above approach works? (I send parameters as plain text from in http)
Make sure the receiving server-side code implements SSL/TLS, the iphone's NSURLConnection and the alternative open-source ASIHTTPRequest both support secure connections to https websites by default.
Had a question related to best practices in iPhone login authentication using asynchronous NSURLConnection.
Since the same delegate is used for logging into a server, how do folks differentiate notifications coming back for an authentication request, versus when you recieve data for subsequent data requests?
Thanks,
Sj
If by authentication, you mean HTTP authentication, then that is not handed back to you as data. It comes back in -connection:didReceiveAuthenticationChallenge:. If you're talking about a higher-level protocol that manages authentication above the HTTP layer, then it's your job to keep track of the current state of your connection.
See Using NSURLConnection for full details on HTTP Auth.
The common pattern to use would be to create a different class for each type of request you have and make it manage the lifetime its own NSURLConnection. It can then send events back to its delegate.
The other method would be to remember all the NSURLConnections you've created and compare them against the first parameter of the delegate callbacks.