Re: URLHandle / Authentication examples
Re: URLHandle / Authentication examples
- Subject: Re: URLHandle / Authentication examples
- From: email@hidden
- Date: Sun, 21 Mar 2004 17:27:57 -0500 (EST)
Whoa... Lots of reading to do. I see that I have bitten off a pretty good
chunk here. Good thing I have a 180 day expectation on this LOL.
April
>
On 3/21/04 12:30 PM, "email@hidden" <email@hidden>
>
wrote:
>
>
> Hello,
>
> Does any one know if there are any examples using NSURLHandle, NSURL and
>
> the like when connecting to a server that requires authentication? I
>
> have
>
> a pretty not so bad method for a regular un-authenticated connection but
>
> I'd like to be able to get data from a password protected folder on said
>
> server and I'm not sure how to go about doing that.
>
> I've spent a few hours on the developer site and a while in the Cocoa
>
> Programming book (which is how I finally figured out what I was doing
>
> wrong with NSURLHandle.) But I did not find the information I needed for
>
> this part. I want a person to be able to store a user id and password in
>
> the program. I assume the security framework has some kind of means for
>
> this but I have not gotten to that part yet. Anyway I just need to
>
> figure
>
> out how to deal with authentication.
>
>
>
> Thanks April.
>
>
April,
>
>
I don't know of any samples for this, but I had to do MD5 authentication
>
using NSURLDownload, and here's how I did that. You'd do something similar
>
for NSURLConnection if you're using that. You'll need delegates for
>
download: didReceiveAuthenticationChallenge and download:didFailWithError.
>
>
If your authentication algorithm is MD5, take a look here to figure out
>
how
>
to construct the response:
>
http://www.ietf.org/rfc/rfc2617.txt
>
>
Otherwise, Google your algorithm if necessary.
>
>
- (void) download: (NSURLDownload *) download
>
didReceiveAuthenticationChallenge: (NSURLAuthenticationChallenge
>
*)
>
challenge
>
{
>
NSHTTPURLResponse *failureResponse =
>
(NSHTTPURLResponse *) [challenge failureResponse];
>
>
int statusCode =
>
(failureResponse)? [failureResponse statusCode]: -1;
>
>
// If we received an authentication challenge, cancel this request
>
// and resend it with the auth info.
>
if ((failureResponse) && (statusCode == 401))
>
{
>
NSMutableDictionary *allHeaderFields;
>
>
allHeaderFields = (NSMutableDictionary *)
>
[failureResponse allHeaderFields];
>
>
// Cancel this challenge. (...and the request.)
>
[[challenge sender] cancelAuthenticationChallenge:challenge];
>
>
// Create the authentication header that we need by using the
>
// header that the server passed us, creating an MD5 hash, etc.
>
// ...<code snipped>
>
>
// Add our authentication header to the last request.
>
// ...<code snipped>
>
}
>
}
>
>
At this point, m_bOKToReissueLastRequest will be TRUE (since it's set
>
before
>
making the original request), so when this code executes, it will resend
>
the
>
last request which will now pass authentication. In my case, I only allow
>
for one failed authentication, and then the user needs to go correct their
>
stored preferences. If you provide user interaction, then you'd do that
>
here, I suppose.
>
>
- (void) download: (NSURLDownload *) download
>
didFailWithError: (NSError *) error
>
{
>
// Check for fatal errors and report to user.
>
// ...<code snipped>
>
>
// If we didn't have a fatal error, and it's ok to reissue the last
>
// request (meaning we haven't reauthenticated or cancelled yet)
>
// reissue it.
>
if (!m_bReportedWebError && m_bOKToReissueLastRequest)
>
{
>
// Reissue the last request using the current authorization
>
header.
>
m_bOKToReissueLastRequest = FALSE;
>
[self reissueLastRequest];
>
}
>
else // Can't reissue the last request
>
{
>
// Release and clear the current NSDownload, since it completed.
>
[m_currentNSURLDownload release];
>
m_currentNSURLDownload = nil;
>
>
// Clean up.
>
// ...<code snipped>
>
}
>
}
>
>
Finally, I used libcrypto to do the MD5 hash. You can probably use
>
libcrypto
>
for whatever you're doing as well. I only had to worry about MD5 for my
>
application. You probably have slightly different needs than I did, but I
>
hope that helps somewhat.
>
>
- Dave
>
_______________________________________________
>
cocoa-dev mailing list | email@hidden
>
Help/Unsubscribe/Archives:
>
http://www.lists.apple.com/mailman/listinfo/cocoa-dev
>
Do not post admin requests to the list. They will be ignored.
_______________________________________________
cocoa-dev mailing list | email@hidden
Help/Unsubscribe/Archives:
http://www.lists.apple.com/mailman/listinfo/cocoa-dev
Do not post admin requests to the list. They will be ignored.