Re: Questions on when credentials are used in NSURLSessionDownloadTask
Re: Questions on when credentials are used in NSURLSessionDownloadTask
- Subject: Re: Questions on when credentials are used in NSURLSessionDownloadTask
- From: Daryle Walker <email@hidden>
- Date: Mon, 20 Apr 2015 22:28:54 -0400
> On Apr 20, 2015, at 5:22 AM, Quinn The Eskimo! <email@hidden> wrote:
>
> Having said that, you need to make sure you respond to the /right/ challenges. An authentication challenge handler should always have this general structure:
>
> - (void)URLSession:(NSURLSession *)session task:(NSURLSessionTask *)task
> didReceiveChallenge:(NSURLAuthenticationChallenge *)challenge
> completionHandler:(...))completionHandler
> {
> if ([challenge.protectionSpace.authenticationMethod isEqual:xxx]) {
> ... handle the xxx challenge ...
> } else if ([challenge.protectionSpace.authenticationMethod isEqual:yyy]) {
> ... handle the yyy challenge ...
> } else {
> completionHandler(NSURLSessionAuthChallengePerformDefaultHandling, nil);
> }
> }
>
> That is, you should specifically look for the challenges you care about and handle those explicitly. If you get a challenge you don't care about, complete it with NSURLSessionAuthChallengePerformDefaultHandling.
Here’s what I got now:
> - (void)URLSession:(NSURLSession *)session task:(NSURLSessionTask *)task
> didReceiveChallenge:(NSURLAuthenticationChallenge *)challenge
> completionHandler:(void (^)(NSURLSessionAuthChallengeDisposition, NSURLCredential *))completionHandler {
> if (self.usernameAndPassword && ([challenge.protectionSpace.authenticationMethod isEqual:NSURLAuthenticationMethodDefault] || [challenge.protectionSpace.authenticationMethod isEqual:NSURLAuthenticationMethodHTTPBasic] || [challenge.protectionSpace.authenticationMethod isEqual:NSURLAuthenticationMethodHTTPDigest] || [challenge.protectionSpace.authenticationMethod isEqual:NSURLAuthenticationMethodNTLM])) {
> // Password-based authentication
> completionHandler([challenge.proposedCredential isEqual:self.usernameAndPassword] ? NSURLSessionAuthChallengeRejectProtectionSpace : NSURLSessionAuthChallengeUseCredential, self.usernameAndPassword);
> } else {
> completionHandler(NSURLSessionAuthChallengePerformDefaultHandling, nil);
> }
> }
The URLs I’m testing on are: http://httpbin.org/basic-auth/hello/there and http://httpbin.org/digest-auth/auth/hello/there
When creating a credential with username “hello” and password “there,” the former URL succeeds (200) while the latter fails (401). It the “auth” in the latter URL the right choice? (…Just tried “auth-init,” also doesn’t work.)
—
Daryle Walker
Mac, Internet, and Video Game Junkie
darylew AT mac DOT com
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Macnetworkprog mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden