0

I want ot pass username and password in URL(web service) for user authentication which will return true and false.I'm doing this as following:

NSString *userName = [NSString stringWithFormat:@"parameterUser=%@",txtUserName];
NSString *passWord = [NSString stringWithFormat:@"parameterPass=%@",txtPassword];
NSData *getUserData = [userName dataUsingEncoding:NSASCIIStringEncoding allowLossyConversion:YES];
NSString *getUserLength = [NSString stringWithFormat:@"%d",[getUserData length]];
NSData *getPassData = [passWord dataUsingEncoding:NSASCIIStringEncoding allowLossyConversion:YES];
NSString *getPassLength = [NSString stringWithFormat:@"%d",[getPassData length]];
NSMutableURLRequest *request = [[NSMutableURLRequest alloc]init];
[request setURL:[NSURL URLWithString:@"http://URL/service1.asmx"]];
[request setHTTPMethod:@"GET"];

Now, I wanted to know How can I pass my username and password in this URL to make request. Could any one please suggest or give some sample code? Thanks.

Mike Abdullah
  • 14,933
  • 2
  • 50
  • 75
bapi
  • 1,903
  • 10
  • 34
  • 59
  • 2
    I guess this is for exercising, because that's highly insecure. – Cyrille Feb 11 '13 at 13:27
  • You should really not put the username or password in the URL. Instead it should be in the headers, or body, preferably encoded/encrypted, sent over https (secure http). – Paaske Feb 11 '13 at 13:29
  • @Paaske Thanks for this suggestion. Actually I want to make it secure.How can I do this? – bapi Feb 11 '13 at 13:39

4 Answers4

0

Try this :-

NSString *userName = [NSString stringWithFormat:@"parameterUser=%@",txtUserName.text];
    NSString *passWord = [NSString stringWithFormat:@"parameterPass=%@",txtPassword.text];
    NSData *getUserData = [userName dataUsingEncoding:NSASCIIStringEncoding allowLossyConversion:YES];
    NSString *getUserLength = [NSString stringWithFormat:@"%d",[getUserData length]];
    NSData *getPassData = [passWord dataUsingEncoding:NSASCIIStringEncoding allowLossyConversion:YES];
    NSString *getPassLength = [NSString stringWithFormat:@"%d",[getPassData length]];
    NSMutableURLRequest *request = [[NSMutableURLRequest alloc]init];
    [request setURL:[NSURL URLWithString:[NSString stringWithFormat:@"http://URL/service1.asmx?%@&%@",userName,passWord]]];
    [request setHTTPMethod:@"GET"];

Hope it helps you..

P.J
  • 6,547
  • 9
  • 44
  • 74
0
NSString *urlStr = [NSString stringWithFormat:@"http://URL/service1.asmx?%@&%@",userName,passWord];
[request setURL:[NSURL URLWithString:urlStr]];
Inder Kumar Rathore
  • 39,458
  • 17
  • 135
  • 184
  • Thanks for this code.But will it be secure?If not, How can I make a secure connection? – bapi Feb 11 '13 at 13:42
  • It depends whether you server is expecting usrName/pswd in post data or not. Usually credentials are set in post data. I don't know what your server is expecting – Inder Kumar Rathore Feb 11 '13 at 13:44
  • My DB is expecting string.Do you mean, it should be like this to make secure?[request setURL:[NSURL URLWithString:[NSString stringWithFormat:@"http://URL/service1.asmx?%@&%@",userName,passWord]]]; [request setHTTPMethod:@"POST"]; or anything need to be added? – bapi Feb 11 '13 at 13:54
0

First off I would not pass a username and password across in a url. You should do this using post. 

NSURL *url = [NSURL URLWithString:[NSString stringWithFormat:@"http://URL/service1.asmx?"]];

NSString *userName = [NSString stringWithFormat:@"parameterUser=%@",txtUserName];
NSString *passWord = [NSString stringWithFormat:@"parameterPass=%@",txtPassword];
NSString *postString = [NSString stringWithFormat:@"username=%@&password=%@",userName, passWord];
NSData *postData = [NSData dataWithBytes: [postString UTF8String] length: [postString length]];

//URL Requst Object
NSMutableURLRequest *request = [NSMutableURLRequest requestWithURL:url cachePolicy:NSURLRequestReloadIgnoringCacheData timeoutInterval:TIMEOUT];
[request setHTTPMethod:@"POST"];
[request setValue:@"application/x-www-form-urlencoded" forHTTPHeaderField:@"Content-Type"];
[request setHTTPBody: postData];

This is more secure then passing sensitive data across in a url.

Edit

To get the response you can check this out. NSURLConnection and AppleDoc NSURLConnection

You can use a few different methods to handle the response from the server. You can use NSURLConnectionDelegate

NSURLConnection *connection = [[NSURLConnection alloc] initWithRequest:request delegate:self];
[self.connection start];

along with the delegate call backs:

- (void)connection:(NSURLConnection *)connection didReceiveData:(NSData *)data {

    NSLog(@"didReceiveData");
    if (!self.receivedData){
        self.receivedData = [NSMutableData data];
    }
    [self.receivedData appendData:data];
}

- (void)connectionDidFinishLoading:(NSURLConnection *)connection {

    NSLog(@"connectionDidFinishLoading");
    NSString *receivedString = [[NSString alloc] initWithData:data encoding:NSUTF8StringEncoding];
    NSLog(@"receivedString:%@",receivedString);

}

Or you can also use NSURLConnection sendAsynchronousRequest block

NSOperationQueue *queue = [[NSOperationQueue alloc] init];

[NSURLConnection sendAsynchronousRequest:urlRequest queue:queue completionHandler:^(NSURLResponse *response, NSData *data, NSError *error)
{
    NSString *receivedString = [[NSString alloc] initWithData:data encoding:NSUTF8StringEncoding];
        NSLog(@"receivedString:%@",receivedString);

}];
Community
  • 1
  • 1
Jaybit
  • 1,864
  • 1
  • 13
  • 20
  • Thanks for suggestion; How do I check, success or fail(i.e. true or false),Because my web service returns "true" or "false" depending on success or fails.Also, what is the value of this "application/x-www-form-urlencoded" and "Content-Type", could i keep it as it is? I'm new to this,please suggest. – bapi Feb 11 '13 at 14:31
  • Looks your suggestion is more appropriate, could you please give more idea or response to my comment?Thanks. – bapi Feb 11 '13 at 15:09
  • I added an edit to my post that has links to how to get the returned response from the server. I will add another edit with some example code. – Jaybit Feb 11 '13 at 15:47
0

To improve the secure , you may use the Http Basic Authentication. There are answer here.

Community
  • 1
  • 1
will
  • 31
  • 6
  • I do not want to use basic authentication, because my networks are not trusted.Thanks. – bapi Feb 11 '13 at 15:05