How do I detect an authentication challenge from a UIWebView?

Question

I've seen many questions that ask (and answer) how to supply credentials when you know beforehand that the request requires them.

When I load a site that requests an authentication challenge, (responds with HTTP 401), my UIWebViewDelegate only receives the following callbacks: webView:shouldStartLoadWithRequest:navigationType: and sometimes webViewDidStartLoad: (webViewDidStartLoad: seems to be called if I navigate directly to the site, and it seems not to be called if I'm redirected there).

By overriding -[NSObject respondsToSelector:], the UIWebViewDelegate receives some calls to uiWebView:resource:canAuthenticateAgainstProtectionSpace:forDataSource: and uiWebView:resource:didReceiveAuthenticationChallenge:fromDataSource:, which could be useful, but of course those are private API and will probably get my app rejected.

I've tested a few different mainstream apps with embedded UIWebViews. So far, only Chrome handles these authentication challenges properly. I've even set up my own server and validated that Chrome only POSTs once. Twitter and Tweetbot fail just show the loading screen forever, just like mine.

Is there another (probably very hacky) way to detect these authentication challenges other than using a second speculative NSURLConnection? If I make a POST request, that will double-POST everything, which is bad.

I've added a radar to request an enhancement to UIWebView for this. Please duplicate it.

Thanks for making the radar request - I've duped it! – karlbecker_com Jun 18 '13 at 04:30 — karlbecker_com, Jun 18 '13 at 04:30

score 6 · Accepted Answer · answered Sep 23 '13 at 17:58

6

Apple now has sample code that solves this problem. It also looks like the most complete documentation of how to implement an NSURLProtocol properly.

answered Sep 23 '13 at 17:58

Heath Borders

30,998
16
147
256

I'm having issues with this sample code. One of my NSURLConnections stops receiving callbacks. However, this still seems to be the best option out there. I've filed a TSI with DTS, and hopefully Apple can help me resolve my issue. – Heath Borders Sep 24 '13 at 16:15
1

My issue happened because I had another `NSURLProtocol` that used an `NSURLConnection`, which was intercepting `UIWebView` calls. After talking to Apple DTS, it sounds like you can't use `NSURLConnection`-based `NSURLProtocol`s with `UIWebView`. Apple's sample code uses `NSURLSession` so it's fine. – Heath Borders Jun 04 '15 at 16:37

score 3 · Answer 2 · answered Apr 26 '13 at 15:03

3

You could load all requests in your own NSURLConnection, then feed the data into the webview as a string. This would allow you to intercept the connection in all its glory and still get the native UIWebView rendering. I’m not sure if it would work well with streaming the data into the web view as it arrives, but hopefully we aren’t talking about too much data here.

answered Apr 26 '13 at 15:03

Jeff Kelley

19,021
6
70
80

Thanks. This is what I'm doing now. – Heath Borders Apr 26 '13 at 15:35
I’d be interested to hear, either here or on Twitter, how it works out, especially if you try incrementally loading the HTML string. – Jeff Kelley Apr 26 '13 at 18:14
I'm not planning to do incremental loading. I'll try to blog about this once I get it going. – Heath Borders Apr 26 '13 at 19:30
This method doesn't work if the page does XHR or uses iframes. I've rewritten the system to use an NSURLProtocol, which seems to handle that case ok. – Heath Borders Sep 23 '13 at 17:16
I just found some Apple sample code that solves this problem. See http://stackoverflow.com/a/18965789/9636 – Heath Borders Sep 23 '13 at 17:59

How do I detect an authentication challenge from a UIWebView?

2 Answers2