I have been searching the internet for the right configuration to send a POST to my server using HTTPS. Some web pages say I need NSURLCredential and others say:

> Just use a @"https://www.myhttpsite.com/" URL and it should work the same way as normal HTTP urls.

So, what is the right way? I need to send users' credentials from my iOS app to my server to authenticate them, so I need to protect these credentials with HTTPS.

My server already works fine with HTTPS using internet browsers.

So far what I have is this:

```objc
NSString *user = @"user";
NSString *pass = @"pass";
// Form body; the values are inserted as-is.
NSString *postData = [NSString stringWithFormat:@"user=%@&pass=%@", user, pass];
NSURL *url = [NSURL URLWithString:@"https://myserver.com"];
NSMutableURLRequest *request = [NSMutableURLRequest requestWithURL:url];
request.HTTPMethod = @"POST";
request.HTTPBody = [postData dataUsingEncoding:NSUTF8StringEncoding];
[NSURLConnection sendAsynchronousRequest:request queue:[NSOperationQueue mainQueue] completionHandler:^(NSURLResponse *response, NSData *data, NSError *connectionError) {
    // data is nil when the connection fails (including a failed TLS handshake).
    if (connectionError) {
        NSLog(@"error %@", connectionError);
        return;
    }
    NSString *strData = [[NSString alloc] initWithData:data encoding:NSUTF8StringEncoding];
    NSLog(@"data %@", strData);
}];
```
Fernando Santiago
  • Check out this SO post: http://stackoverflow.com/questions/1571336/sending-post-data-from-iphone-over-ssl-https – Raghav Jan 15 '15 at 03:10
  • @Raghav_1357 I found this: http://stackoverflow.com/questions/10063224/ios-https-authentication but it is a totally different solution... which one should I use? – Fernando Santiago Jan 15 '15 at 16:35
  • I posted an answer with some code, why don't you try it out? – Raghav Jan 15 '15 at 16:39

1 Answer

Found this to be a good example, why don't you try it out?

```objc
// Form body built from the text fields; the values are not percent-encoded.
NSString *urlstring = [[NSString alloc] initWithFormat:@"userName=%@&password=%@", userName.text, password.text];
NSURL *url = [NSURL URLWithString:@"https://www.example.com/mobile/Login.php"];

// Lossy ASCII conversion alters any non-ASCII characters in the values.
NSData *postData = [urlstring dataUsingEncoding:NSASCIIStringEncoding allowLossyConversion:YES];

NSString *postLength = [NSString stringWithFormat:@"%lu", (unsigned long)[postData length]];

NSMutableURLRequest *request = [[NSMutableURLRequest alloc] init];
[request setURL:url];
[request setHTTPMethod:@"POST"];
[request setValue:postLength forHTTPHeaderField:@"Content-Length"];
[request setValue:@"application/x-www-form-urlencoded" forHTTPHeaderField:@"Content-Type"];
[request setHTTPBody:postData];

// Private API: accepts any certificate for this host, i.e. no server trust evaluation.
[NSURLRequest setAllowsAnyHTTPSCertificate:YES forHost:[url host]];

NSError *error = nil;
NSURLResponse *resp = nil;
// Synchronous call: blocks the calling thread until the response arrives.
NSData *urlData = [NSURLConnection sendSynchronousRequest:request returningResponse:&resp error:&error];

NSString *data = [[NSString alloc] initWithData:urlData encoding:NSUTF8StringEncoding];
```
Raghav
  • I did, everything works fine, but how can I be sure this is using the right https protocol? – Fernando Santiago Jan 15 '15 at 16:44
  • I doubt there'll be any issues, from my knowledge of this topic, I think your data'll be secure... – Raghav Jan 15 '15 at 16:46
  • @FernandoSantiago This is not a good example. In fact, it doesn't solve the problem properly and also has a number of issues (incorrect character encoding conversions and nonexistent form url encoding of the post data). In order to solve it properly, you need to use the delegate approach and implement the corresponding delegate where you provide the user credentials according to the required authentication method (if needed) and also perform server trust evaluation to ensure you are connected to the desired server. – CouchDeveloper Jan 15 '15 at 19:18
  • @CouchDeveloper Do you have any link where I can find more information about this? – Fernando Santiago Jan 15 '15 at 22:20
  • @CouchDeveloper what do you mean by "doesn't solve the problem properly"? Is the data sent encoded using https or not? I just removed the "[NSURLRequest setAllowsAnyHTTPSCertificate:YES forHost:[url host]];" and everything is working fine, the only thing is that I wonder if the data is being sent securely or not – Fernando Santiago Jan 15 '15 at 22:38
  • @CouchDeveloper Could you please elaborate on that? What would be the right way to go about this then? It's possible I'm wrong, networking isn't my strong point... – Raghav Jan 16 '15 at 04:02
  • @FernandoSantiago Networking _is_ complex - especially when you have to ensure security. In order to deal with authentication you need to use the _delegate approach_ of NSURLConnection/NSURLSession. I would suggest to start reading here [NSURLSession/NSURLConnection Authentication](https://developer.apple.com/library/mac/documentation/Cocoa/Conceptual/URLLoadingSystem/Articles/AuthenticationChallenges.html). It's a broad topic, though. Strongly recommended: [HTTPS Server Trust Evaluation](https://developer.apple.com/library/ios/technotes/tn2232/_index.html). – CouchDeveloper Jan 16 '15 at 07:36
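
The delegate approach and server trust evaluation mentioned in the comments, together with form URL encoding of the POST values, shown as an added example that is not part of the original thread. It assumes iOS 12 or later (for `SecTrustEvaluateWithError`); the host `myserver.example`, the class `LoginClient` and the helper `FormEncode` are hypothetical names.

```objc
#import <Foundation/Foundation.h>
#import <Security/Security.h>
static NSString *const kExpectedHost = @"myserver.example"; // hypothetical host
// Percent-encode one form value; only RFC 3986 unreserved characters pass through.
static NSString *FormEncode(NSString *value) {
    NSCharacterSet *allowed = [NSCharacterSet characterSetWithCharactersInString:
        @"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~"];
    return [value stringByAddingPercentEncodingWithAllowedCharacters:allowed];
}

@interface LoginClient : NSObject <NSURLSessionDelegate>
@end
@implementation LoginClient
// Session-level challenge: the system asks whether to trust the server's certificate chain.
- (void)URLSession:(NSURLSession *)session
    didReceiveChallenge:(NSURLAuthenticationChallenge *)challenge
      completionHandler:(void (^)(NSURLSessionAuthChallengeDisposition, NSURLCredential *))completionHandler {
    NSURLProtectionSpace *space = challenge.protectionSpace;
    if (![space.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust]) {
        completionHandler(NSURLSessionAuthChallengePerformDefaultHandling, nil);
        return;
    }
    SecTrustRef trust = space.serverTrust;
    BOOL ok = NO;
    if (trust != NULL && [space.host isEqualToString:kExpectedHost]) {
        // Evaluate the chain against the SSL policy for the one host we expect.
        SecPolicyRef policy = SecPolicyCreateSSL(true, (__bridge CFStringRef)kExpectedHost);
        ok = SecTrustSetPolicies(trust, policy) == errSecSuccess && SecTrustEvaluateWithError(trust, NULL);
        CFRelease(policy);
    }
    // Any failure cancels the connection, so the request body is never sent.
    completionHandler(ok ? NSURLSessionAuthChallengeUseCredential : NSURLSessionAuthChallengeCancelAuthenticationChallenge,
                      ok ? [NSURLCredential credentialForTrust:trust] : nil);
}

- (void)loginUser:(NSString *)user password:(NSString *)pass {
    NSURL *url = [NSURL URLWithString:[@"https://" stringByAppendingString:kExpectedHost]];
    NSMutableURLRequest *request = [NSMutableURLRequest requestWithURL:url];
    request.HTTPMethod = @"POST";
    [request setValue:@"application/x-www-form-urlencoded" forHTTPHeaderField:@"Content-Type"];
    NSString *body = [NSString stringWithFormat:@"user=%@&pass=%@", FormEncode(user), FormEncode(pass)];
    request.HTTPBody = [body dataUsingEncoding:NSUTF8StringEncoding];
    NSURLSession *session = [NSURLSession sessionWithConfiguration:
        [NSURLSessionConfiguration ephemeralSessionConfiguration] delegate:self delegateQueue:nil];
    [[session dataTaskWithRequest:request completionHandler:^(NSData *d, NSURLResponse *r, NSError *e) {
        NSLog(@"%@", e ? e.localizedDescription : @"server trust accepted, response received");
        [session finishTasksAndInvalidate]; // releases the session's strong reference to the delegate
    }] resume];
}
@end
```

Because the delegate only accepts `kExpectedHost`, a redirect to a different HTTPS host fails trust evaluation and is cancelled rather than followed.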