Menu
I have a use case where a UIWebView may need to connect with a web server secured with NTLM. I also have a use case where I already have the credentials to be passed. So instead of forcing the user to enter them, how do I perform the handshake with the UIWebView?
UPDATE:
Using this method here works well enough when you are doing simple GET requests, but utterly fails when doing POSTs, for the mere fact that it is doing a GET after it is posted.
The ASIHttpRequest and ASIWebPageRequest have the same problem. GET requests work wonders, but any POSTs just don't work. If only the world worked on just GET requests.
I have been able to use this method of including the username and password in the HTTP request string, but that is so grossly insecure as to defy reason for using it. Using a sniffer I am able to see the three-way handshake occur without any problems on both GET and POST requests.
331
You can set the default credential:
NSURLProtectionSpace *protectionSpace = [[NSURLProtectionSpace alloc]
initWithHost: _host
port: 80
protocol: @"http"
realm: _host
authenticationMethod:NSURLAuthenticationMethodNTLM];
[[NSURLCredentialStorage sharedCredentialStorage] setDefaultCredential:[NSURLCredential credentialWithUser:_username password:_password persistence:NSURLCredentialPersistenceForSession] forProtectionSpace:protectionSpace];
Now you can let your webviews do the request, and when it encounters your protenctionSpace it logs in using the given credentials
118
As of iOS 3.2 and 4.1, there is no public delegate for intercepting the NTLM challenge. There is, however, a private API that can be overriden to give proper support for this. Since this would put your application in danger of being rejected, I will forgo posting the code because it is of no worth for App Store development at the present time.
35
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
