Re: HTTP (NTLM) authentication with Cocoa
Re: HTTP (NTLM) authentication with Cocoa
- Subject: Re: HTTP (NTLM) authentication with Cocoa
- From: Mark Pauley <email@hidden>
- Date: Tue, 1 Jul 2008 11:52:13 -0700
Hi Niklas,
I think you might be misunderstanding the documentation on this one,
which is about as clear as mud. When your NSURLConnection delegate
gets an auth challenge message, you need to send -
useCredential:forAuthenticationChallenge: to the connection, or we'll
go along on our merry way without checking the credential store
again. What's worse is that when we handle the next 401, we'll see a
bad credential in the credential store and think that it must be bad
(because we must have just used it...) and clear that credential then
message your delegate with auth challenge again.
Take a look at http://developer.apple.com/documentation/Cocoa/Conceptual/URLLoadingSystem/Tasks/UsingNSURLConnection.html#/
/apple_ref/doc/uid/20001836-160393
you've got a couple of choices for how to deal with an AuthChallenge,
including continuing without creds, use creds and cancel auth.
_Mark
On Jul 1, 2008, at 12:00 AM, Niklas Saers wrote:
Hi guys,
had a tip from Jens that macnetworkprog@ might be a better place for
my question than cocoa-dev.
I'm trying to do NTLM authentication from my client program that I
want to keep all-Cocoa. I've tried following the different tutorials
I could find on the net, but they're usually discussing Basic
authentication, and I don't seem to get even that right in my
code. ;-) What I suspect I'm missing is something that binds the
NSURLCredential to NSMutableURLRequest.
The userinfo from the error I get is this one:
{
NSErrorFailingURLKey = http://192.168.0.5:42334/;
NSErrorFailingURLStringKey = "http://192.168.0.5:42334/";;
NSUnderlyingError = Error Domain=kCFErrorDomainCFNetwork
Code=-1012 UserInfo=0x1f0b40 "Operation could not be completed.
(kCFErrorDomainCFNetwork error -1012.)";
}
The HTTP header dialogue between my client and the server goes like
this:
GET /Pages/Default.aspx HTTP/1.1
User-Agent: (myApp/0.1 (myApp))
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
Connection: keep-alive
Host: 192.168.0.5:42334
A 401 is passed back from the server.
HTTP/1.1 401 Unauthorized
Content-Length: 1656
Content-Type: text/html
Server: Microsoft-IIS/6.0
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
MicrosoftSharePointTeamServices: 12.0.0.4518
X-Powered-By: ASP.NET
Date: Mon, 30 Jun 2008 12:55:40 GMT
Then happens the weirdest thing: the client sends the exact same
request back again. It doesn't add the credentials at all. And of
course, the server sends the exact same information back again.
Jens informed me that I have to add the Domain for authentication,
but NSURLCredential doesn't mention Domain at all. I'm able to
authenticate just fine through Safari, and CFNetwork Programming
Guide has a bit on it, but I'd much prefer to keep living in the
world of Cocoa to ensure compability with Cocoa Touch.
Here is my code:
+ (void) test {
NSString *host = @"http://192.168.0.5:42334/";;
NSString *username = @"someuser";
NSString *password = @"somepass";
int port = 42334;
NSURLCredential *newCredential =[NSURLCredential
credentialWithUser:username password:password
persistence:NSURLCredentialPersistenceForSession];
NSURLProtectionSpace *space = [[NSURLProtectionSpace alloc]
initWithHost:host port:port protocol:@"http" realm:nil
authenticationMethod:nil];
NSURLCredentialStorage *store = [NSURLCredentialStorage
sharedCredentialStorage];
[store setCredential:newCredential forProtectionSpace:space];
NSMutableURLRequest *urlRequest = [NSMutableURLRequest
requestWithURL:[NSURL URLWithString:host]
cachePolicy:NSURLCacheStorageNotAllowed timeoutInterval:30];
[urlRequest setValue:@"(myApp/0.1 (myApp))"
forHTTPHeaderField:@"User-Agent"];
NSURLResponse *response;
NSError *error;
NSData *returnData = [NSURLConnection
sendSynchronousRequest:urlRequest returningResponse:&response
error:&error];
if(error) {
NSLog(@"test error: %@", error);
NSLog(@"test userinfo: %@", [error userInfo]);
} else {
NSLog(@"test response: %@", response);
NSLog(@"test result: %d", returnData);
}
}
What am I doing wrong? Why is there not added an Authorization-field
to my HTTP request?
Cheers
Nik
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Macnetworkprog mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Macnetworkprog mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden