Passing IIS basic authentication credentials from within a UIWebView

I have been trying to find the proper way to provide basic authentication credentials to access a website from within a UIWebView in my app. The simplest way to do this would be,

But this is not a secure way to pass credentials to access a website. After some research online and going through Apple documentation, I realised the proper way to do this is to initiate a NSURLConnection and catch the authentication challenge in the willSendRequestForAuthenticationChallenge delegate method and pass NSURLCredential as a response for the challenge.

Below is a code sample,

Create a request object with the URL and load the request in webview with the loadRequest method.

[WebView loadRequest:request];

Initiate a NSURLConnection in the shouldStartLoadWithRequest method.

- (BOOL)webView:(UIWebView *)webView shouldStartLoadWithRequest:(NSURLRequest *)request navigationType:(UIWebViewNavigationType)navigationType

    NSLog(@"Loading URL :%@",request.URL.absoluteString);

    if (!_authCheck) {

        _authCheck= NO;

        [NSURLConnection connectionWithRequest:request delegate:self];

        return NO;


    return YES;


Intercept the authentication challenge in the willSendRequestForAuthenticationChallenge method of NSURLConnectionDelegate. Send the credentials as response for the challenge and set the credential in the sharedCredentialStorage.

- (void)connection:(NSURLConnection *)connection willSendRequestForAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge

    if([challenge previousFailureCount]==0)



        NSURLCredential *credential = [NSURLCredential credentialWithUser:_username password:_password persistence:NSURLCredentialPersistenceForSession];


        [[challenge sender] useCredential:credential forAuthenticationChallenge:challenge];

        [[NSURLCredentialStorage sharedCredentialStorage]setCredential:credential forProtectionSpace:[challenge protectionSpace]];



        [[challenge sender] cancelAuthenticationChallenge:challenge];



Return YES in the connectionShouldStoreCredentialStorage method.

-(BOOL)connectionShouldUseCredentialStorage:(NSURLConnection *)connection 
        return YES; 

Load the request in the webview in the NSURLConnectionDelegate’s didReceiveResponse method.

- (void)connection:(NSURLConnection *)connection didReceiveResponse:(NSURLResponse *)response 


        NSLog(@"received response via nsurlconnection");       

        [WebView loadRequest:request]; 


The site will now load in the webview. You can tweak this a little bit and show a prompt for the user to enter the username and the password if need be.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s