Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

iOS: How to make a secure HTTPS connection to pass credentials?

I am creating my first iPad app. I have a web application that I would like to authenticate against and pull data from in a RESTful way.

If you open up the URL in the browser (https://myapp.com/auth/login), you will get a form to enter your username and password. I was thinking I could set the login credentials in the post data of the request and submit the data.

The site uses HTTPS for login so that credentials aren't passed in plain text over the internet.

How can I make a secure HTTPS connection to pass credentials? Will this remember that I am logged in for future requests? What is the best way to do this?

like image 536
Andrew Avatar asked Aug 18 '10 04:08

Andrew


People also ask

How do I pass login credentials through URL?

We can do HTTP basic authentication URL with @ in password. We have to pass the credentials appended with the URL. The username and password must be added with the format − https://username:password@URL. Let us make an attempt to handle the below browser authentication.

What is the default authentication method in IOS?

Apple Two-Factor Authentication This adds an extra layer of security for Apple ID credentials, helping safeguard users against any potential error during the app development process.


1 Answers

Further update, October 2013

Although at the time I wrote this answer, ASIHTTPRequest was maintained a widely supported, this is no longer the case. It is not recommended for new projects - instead use NSURLConnection directly, or use AFNetworking.

With AFNetworking, there is a [httpClient setAuthorizationHeaderWithUsername:username password:password]; method for http authentication, and create a POST style form is equally easy - see AFNetworking Post Request for that.


Original answer:

A lot of people use the ASIHTTPRequest class to deal with http & https on the iPhone/iPad, as it has a lot of useful features that are difficult or time consuming to achieve with the built in classes:

http://allseeing-i.com/ASIHTTPRequest/

Starting at the simplest level you'd start with something like:

  NSURL *url = [NSURL URLWithString:@"http://allseeing-i.com"];
  ASIHTTPRequest *request = [ASIHTTPRequest requestWithURL:url];

  [request startSynchronous];
  NSError *error = [request error];
  if (!error) {
      NSString *response = [request responseString];
      NSLog(@"response = %@", response);
  }

If you're using HTTP authentication, ASIHTTPRequest will automatically prompt the user for the username and password.

IF you're using some other form of authentication you probably need to request the username and password from the user yourself, and submit them as a POST value or a custom http header, and then the response may either include a token in a JSON or XML response, or it could set a cookie.

If you add more details as to how the authentication scheme works I can be a bit more specific.

Update

Based on the update, to emulate a POST form you'd just need to add lines like:

[request addPostValue:usernameString forKey:@"username"];
[request addPostValue:passwordString forKey:@"password"];

You will also need to change the way you create the request, instead of:

  ASIHTTPRequest *request = [ASIHTTPRequest requestWithURL:url];

do:

  ASIFormDataRequest *request = [ASIFormDataRequest requestWithURL:url];

(I also forget to mention it above, there's code I put earlier is using a synchronous request, so you'd want to replace it with an asynchronous one to avoid blocking the UI once you'd proved it was working.)

There's a JSON framework for the iphone here:

http://code.google.com/p/json-framework/

which works well for me and is simple to use with ASIHTTPRequest.

like image 104
JosephH Avatar answered Nov 07 '22 00:11

JosephH