Passing IIS basic authentication credentials from within a UIWebView

I have been trying to find the proper way to provide basic authentication credentials to access a website from within a UIWebView in my app. The simplest way to do this would be,

http://username:password@yoursite.com

But this is not a secure way to pass credentials to access a website. After some research online and going through Apple documentation, I realised the proper way to do this is to initiate a NSURLConnection and catch the authentication challenge in the willSendRequestForAuthenticationChallenge delegate method and pass NSURLCredential as a response for the challenge.

Below is a code sample,

Create a request object with the URL and load the request in webview with the loadRequest method.

[WebView loadRequest:request];

Initiate a NSURLConnection in the shouldStartLoadWithRequest method.

- (BOOL)webView:(UIWebView *)webView shouldStartLoadWithRequest:(NSURLRequest *)request navigationType:(UIWebViewNavigationType)navigationType
{

    NSLog(@"Loading URL :%@",request.URL.absoluteString);

    if (!_authCheck) {

        _authCheck= NO;

        [NSURLConnection connectionWithRequest:request delegate:self];

        return NO;

    }

    return YES;

}

Intercept the authentication challenge in the willSendRequestForAuthenticationChallenge method of NSURLConnectionDelegate. Send the credentials as response for the challenge and set the credential in the sharedCredentialStorage.

- (void)connection:(NSURLConnection *)connection willSendRequestForAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge
{

    if([challenge previousFailureCount]==0)

    {

        _authCheck=YES;

        NSURLCredential *credential = [NSURLCredential credentialWithUser:_username password:_password persistence:NSURLCredentialPersistenceForSession];

        

        [[challenge sender] useCredential:credential forAuthenticationChallenge:challenge];

        [[NSURLCredentialStorage sharedCredentialStorage]setCredential:credential forProtectionSpace:[challenge protectionSpace]];

    }

    else{

        [[challenge sender] cancelAuthenticationChallenge:challenge];

    }

}

Return YES in the connectionShouldStoreCredentialStorage method.

-(BOOL)connectionShouldUseCredentialStorage:(NSURLConnection *)connection 
{     
        return YES; 
} 

Load the request in the webview in the NSURLConnectionDelegate’s didReceiveResponse method.

- (void)connection:(NSURLConnection *)connection didReceiveResponse:(NSURLResponse *)response 

{     

        NSLog(@"received response via nsurlconnection");       

        [WebView loadRequest:request]; 

}

The site will now load in the webview. You can tweak this a little bit and show a prompt for the user to enter the username and the password if need be.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s