Re: URLHandle / Authentication examples
Re: URLHandle / Authentication examples
- Subject: Re: URLHandle / Authentication examples
- From: Dave Hersey <email@hidden>
- Date: Sun, 21 Mar 2004 17:03:05 -0500
On 3/21/04 12:30 PM, "email@hidden" <email@hidden>
wrote:
>
Hello,
>
Does any one know if there are any examples using NSURLHandle, NSURL and
>
the like when connecting to a server that requires authentication? I have
>
a pretty not so bad method for a regular un-authenticated connection but
>
I'd like to be able to get data from a password protected folder on said
>
server and I'm not sure how to go about doing that.
>
I've spent a few hours on the developer site and a while in the Cocoa
>
Programming book (which is how I finally figured out what I was doing
>
wrong with NSURLHandle.) But I did not find the information I needed for
>
this part. I want a person to be able to store a user id and password in
>
the program. I assume the security framework has some kind of means for
>
this but I have not gotten to that part yet. Anyway I just need to figure
>
out how to deal with authentication.
>
>
Thanks April.
April,
I don't know of any samples for this, but I had to do MD5 authentication
using NSURLDownload, and here's how I did that. You'd do something similar
for NSURLConnection if you're using that. You'll need delegates for
download: didReceiveAuthenticationChallenge and download:didFailWithError.
If your authentication algorithm is MD5, take a look here to figure out how
to construct the response:
http://www.ietf.org/rfc/rfc2617.txt
Otherwise, Google your algorithm if necessary.
- (void) download: (NSURLDownload *) download
didReceiveAuthenticationChallenge: (NSURLAuthenticationChallenge *)
challenge
{
NSHTTPURLResponse *failureResponse =
(NSHTTPURLResponse *) [challenge failureResponse];
int statusCode =
(failureResponse)? [failureResponse statusCode]: -1;
// If we received an authentication challenge, cancel this request
// and resend it with the auth info.
if ((failureResponse) && (statusCode == 401))
{
NSMutableDictionary *allHeaderFields;
allHeaderFields = (NSMutableDictionary *)
[failureResponse allHeaderFields];
// Cancel this challenge. (...and the request.)
[[challenge sender] cancelAuthenticationChallenge:challenge];
// Create the authentication header that we need by using the
// header that the server passed us, creating an MD5 hash, etc.
// ...<code snipped>
// Add our authentication header to the last request.
// ...<code snipped>
}
}
At this point, m_bOKToReissueLastRequest will be TRUE (since it's set before
making the original request), so when this code executes, it will resend the
last request which will now pass authentication. In my case, I only allow
for one failed authentication, and then the user needs to go correct their
stored preferences. If you provide user interaction, then you'd do that
here, I suppose.
- (void) download: (NSURLDownload *) download
didFailWithError: (NSError *) error
{
// Check for fatal errors and report to user.
// ...<code snipped>
// If we didn't have a fatal error, and it's ok to reissue the last
// request (meaning we haven't reauthenticated or cancelled yet)
// reissue it.
if (!m_bReportedWebError && m_bOKToReissueLastRequest)
{
// Reissue the last request using the current authorization header.
m_bOKToReissueLastRequest = FALSE;
[self reissueLastRequest];
}
else // Can't reissue the last request
{
// Release and clear the current NSDownload, since it completed.
[m_currentNSURLDownload release];
m_currentNSURLDownload = nil;
// Clean up.
// ...<code snipped>
}
}
Finally, I used libcrypto to do the MD5 hash. You can probably use libcrypto
for whatever you're doing as well. I only had to worry about MD5 for my
application. You probably have slightly different needs than I did, but I
hope that helps somewhat.
- Dave
_______________________________________________
cocoa-dev mailing list | email@hidden
Help/Unsubscribe/Archives:
http://www.lists.apple.com/mailman/listinfo/cocoa-dev
Do not post admin requests to the list. They will be ignored.