
I am unable to get a URL request to work with both SSL URLs and basic authentication. I checked the other related questions, and their solutions don't seem to work.

    /// Reports which authentication methods this delegate answers itself.
    ///
    /// Returns YES for server-trust (TLS certificate) and HTTP Basic protection spaces and
    /// NO for every other method, logging the decision each time. Answering YES for
    /// NSURLAuthenticationMethodServerTrust means the certificate decision is made in
    /// connection:didReceiveAuthenticationChallenge: instead of by the default handling.
    ///
    /// @param connection The connection asking the question (unused).
    /// @param protectionSpace The protection space whose authentication method is inspected.
    /// @return YES when the method is server trust or HTTP Basic, otherwise NO.
    - (BOOL)connection:(NSURLConnection *)connection canAuthenticateAgainstProtectionSpace:(NSURLProtectionSpace *)protectionSpace {
        NSString *requestedMethod = protectionSpace.authenticationMethod;

        // TLS server-trust challenge.
        if ([requestedMethod isEqualToString:NSURLAuthenticationMethodServerTrust]) {
            NSLog(@"Can Auth Secure Requestes!");
            return YES;
        }

        // HTTP Basic user name / password challenge.
        if ([requestedMethod isEqualToString:NSURLAuthenticationMethodHTTPBasic]) {
            NSLog(@"Can Auth Basic Requestes!");
            return YES;
        }

        // Every other authentication method is declined.
        NSLog(@"Cannot Auth!");
        return NO;
    }
// Answers an authentication challenge for the connection. Two methods are handled in the
// lines shown: a server-trust (TLS certificate) challenge and an HTTP Basic challenge.
// NOTE(review): the listing ends before the method's closing brace, so anything after the
// HTTP Basic branch is not visible here.
- (void)connection:(NSURLConnection *)connection didReceiveAuthenticationChallenge: (NSURLAuthenticationChallenge *)challenge {
    if ([challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust])
    {
        NSLog(@"Trust Challenge Requested!");
        // NOTE(review): the server trust is turned into a credential without being evaluated
        // first. Nothing in this branch rejects an invalid certificate; the NSURLCredential
        // documentation asks the delegate to evaluate the trust (SecTrustEvaluate) and to
        // cancel the challenge when the evaluation fails.
        [challenge.sender useCredential:[NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust] forAuthenticationChallenge:challenge];
        // NOTE(review): this sends a second response for a challenge that was already
        // answered by useCredential: on the line above.
        [challenge.sender continueWithoutCredentialForAuthenticationChallenge:challenge];

    }
    else if([challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodHTTPBasic])
    {
        NSLog(@"HTTP Auth Challenge Requested!");
        // The user name and password are literals in the source; the credential is created
        // with session persistence.
        // NOTE(review): previousFailureCount is not checked, so the same credential is
        // offered again if the server rejects it.
        NSURLCredential *credential = [[NSURLCredential alloc] initWithUser:@"user" password:@"pass" persistence:NSURLCredentialPersistenceForSession];
        [[challenge sender] useCredential:credential forAuthenticationChallenge:challenge];
        // Manual reference counting: balances the alloc above (this call is not valid under ARC).
        [credential release];
    }

I can't figure out what I'm doing wrong here. The connection's error description says "Secure Connection Failed". I have tried SSL alone, without basic authentication, and it works fine. I have also tried basic authentication without SSL, and that works fine too.

davydotcom
  • Are you ever getting into the *connection:didReceiveAuthenticationChallenge:* method? Into which part? (I've successfully used basic authentication with SSL.) – Codo Sep 05 '10 at 15:42

3 Answers

/// Reports which authentication methods this delegate answers itself.
///
/// Answering YES for NSURLAuthenticationMethodServerTrust routes the TLS certificate
/// decision to connection:didReceiveAuthenticationChallenge:.
///
/// @param connection The connection asking the question (unused).
/// @param protectionSpace The protection space whose authentication method is inspected.
/// @return YES for server-trust and HTTP Basic protection spaces, NO for anything else.
- (BOOL)connection:(NSURLConnection *)connection canAuthenticateAgainstProtectionSpace:(NSURLProtectionSpace *)protectionSpace {
    NSString *requestedMethod = protectionSpace.authenticationMethod;

    // Only these two methods are claimed; every other method falls through to NO.
    if ([requestedMethod isEqualToString:NSURLAuthenticationMethodServerTrust]) {
        return YES;
    }
    if ([requestedMethod isEqualToString:NSURLAuthenticationMethodHTTPBasic]) {
        return YES;
    }
    return NO;
}
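/// Answers an authentication challenge with exactly one response per challenge.
///
/// - Server trust: the trust object is evaluated first. A credential is created only when
///   the evaluation succeeds with kSecTrustResultProceed or kSecTrustResultUnspecified;
///   otherwise the challenge is cancelled, so an invalid certificate fails the connection.
/// - HTTP Basic: the user name / password credential is offered once. If the server has
///   already rejected it (previousFailureCount > 0) the challenge is cancelled, because
///   offering the same credential again cannot succeed.
/// - Any other method: the challenge is cancelled.
///
/// @param connection The connection that received the challenge (unused).
/// @param challenge The challenge to answer through its sender.
- (void)connection:(NSURLConnection *)connection didReceiveAuthenticationChallenge: (NSURLAuthenticationChallenge *)challenge {
    NSString *authenticationMethod = challenge.protectionSpace.authenticationMethod;

    if ([authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust])
    {
        // Per the NSURLCredential documentation, the delegate must evaluate the trust
        // before creating a server-trust credential from it.
        SecTrustRef serverTrust = challenge.protectionSpace.serverTrust;
        SecTrustResultType trustResult = kSecTrustResultInvalid;
        BOOL evaluated = (serverTrust != NULL) &&
                         (SecTrustEvaluate(serverTrust, &trustResult) == errSecSuccess);
        BOOL trusted = evaluated &&
                       (trustResult == kSecTrustResultProceed ||
                        trustResult == kSecTrustResultUnspecified);

        if (trusted)
        {
            // useCredential: is the only response sent; a following
            // continueWithoutCredential... would answer the same challenge twice.
            [challenge.sender useCredential:[NSURLCredential credentialForTrust:serverTrust] forAuthenticationChallenge:challenge];
        }
        else
        {
            [challenge.sender cancelAuthenticationChallenge:challenge];
        }
    }
    else if ([authenticationMethod isEqualToString:NSURLAuthenticationMethodHTTPBasic])
    {
        if (challenge.previousFailureCount > 0)
        {
            // The credential below was already rejected; stop instead of resending it.
            [[challenge sender] cancelAuthenticationChallenge:challenge];
            return;
        }

        // Placeholder user name and password; supply real values from secure storage
        // rather than from literals in the source.
        NSURLCredential *creden = [[NSURLCredential alloc] initWithUser:@"USERNAME" password:@"PASSWORD" persistence:NSURLCredentialPersistenceForSession];
        [[challenge sender] useCredential:creden forAuthenticationChallenge:challenge];
        // Manual reference counting, as in the original listing (remove under ARC).
        [creden release];
    }
    else
    {
        [[challenge sender] cancelAuthenticationChallenge:challenge];
    }
}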
Suresh Varma
Pooja

It works fine actually, the problem had to do with the SSL certificate.

davydotcom

I think the accepted answer may end up incorrectly trusting invalid server certificates, as it doesn't validate the server trust.

Apple's documentation for NSURLCredential credentialForTrust: indicates that you should actually validate the server trust before you use it:

Before creating a server trust credential, it is the responsibility of the delegate of an NSURLConnection object or an NSURLDownload object to evaluate the trust. Do this by calling SecTrustEvaluate, passing it the trust obtained from the serverTrust method of the server’s NSURLProtectionSpace object. If the trust is invalid, the authentication challenge should be cancelled with cancelAuthenticationChallenge:.

Apple's documentation for NSURLAuthenticationChallenge also indicates how a challenge's proposedCredential should be taken into account.

Taking this into account would yield (ARC) code something like this:

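/// Answers an authentication challenge (ARC), sending exactly one response per challenge.
///
/// - Server trust: handled first, so a trust challenge is never answered without the
///   trust being evaluated. The credential is created only when SecTrustEvaluate succeeds
///   with kSecTrustResultProceed or kSecTrustResultUnspecified; otherwise the challenge
///   is cancelled.
/// - Proposed credential: used on the first attempt. Once the server has rejected it, the
///   challenge is cancelled until code that obtains a new credential is added.
/// - HTTP Basic: a user name / password credential is offered.
/// - Any other method: the challenge is cancelled rather than left unanswered.
///
/// @param connection The connection that received the challenge (unused).
/// @param challenge The challenge to answer through its sender.
- (void)connection:(NSURLConnection *)connection didReceiveAuthenticationChallenge: (NSURLAuthenticationChallenge *)challenge
{
    NSString *authenticationMethod = challenge.protectionSpace.authenticationMethod;

    if ([authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust])
    {
        NSLog(@"Trust Challenge Requested!");

        // As per NSURLCredential class reference, verify the server trust...
        SecTrustRef serverTrust = challenge.protectionSpace.serverTrust;
        SecTrustResultType trustResult = kSecTrustResultInvalid;
        const BOOL evaluated = (serverTrust != NULL) &&
                               (SecTrustEvaluate(serverTrust, &trustResult) == errSecSuccess);

        if (evaluated &&
            (
                kSecTrustResultProceed == trustResult ||

                // https://developer.apple.com/library/mac/qa/qa1360/_index.html
                kSecTrustResultUnspecified == trustResult
            )
        )
        {
            // useCredential: is the only response sent; a following
            // continueWithoutCredential... would answer the same challenge twice.
            [challenge.sender useCredential:[NSURLCredential credentialForTrust:serverTrust] forAuthenticationChallenge:challenge];
        }
        else
        {
            NSLog(@"Failed to verify server trust, cancelling...");
            [challenge.sender cancelAuthenticationChallenge:challenge];
        }
    }
    else if (challenge.proposedCredential)
    {
        if (challenge.previousFailureCount == 0)
        {
            [challenge.sender useCredential:challenge.proposedCredential forAuthenticationChallenge:challenge];
        }
        else
        {
            // The server has rejected the proposed credential, and
            // you should use that credential to populate a password
            // or certificate chooser dialog, then provide a new credential.
            //  You can create password-based credentials by calling the
            //  credentialWithUser:password:persistence: method or create
            //  certificate-based credentials with the
            //  credentialWithIdentity:certificates:persistence: method.
            NSLog(@"Need to add code here to create new credential...");

            // Until that code exists, cancel so the challenge is not left pending.
            [challenge.sender cancelAuthenticationChallenge:challenge];
        }
    }
    else if ([authenticationMethod isEqualToString:NSURLAuthenticationMethodHTTPBasic])
    {
        NSLog(@"HTTP Auth Challenge Requested!");
        // Placeholder user name and password; supply real values from secure storage
        // rather than from literals in the source.
        NSURLCredential *credential = [[NSURLCredential alloc] initWithUser:@"user" password:@"pass" persistence:NSURLCredentialPersistenceForSession];
        [[challenge sender] useCredential:credential forAuthenticationChallenge:challenge];
    }
    else
    {
        // Authentication methods this delegate does not handle.
        [challenge.sender cancelAuthenticationChallenge:challenge];
    }
}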
user2067021