How to display the Authentication Challenge in UIWebView?

http basic-authentication uiwebview

I am trying to access a secure website through UIWebView. When I access it through safari, i get an authentication challenge but the same does not appear in my UIWebView in the application. How can I make it appear?

Any pointers, sample code or links will be very helpful. Thanks a lot.


Solution 1:

It's actually super easy... I'm sure you can just show a UIAlertView when the auth challenge delegate is shown (or prior to loading the URL, if you know for sure that the URL you're hitting will prompt for auth login info). Anyways, the trick is to create your own NSURLConnection and I do some logic to save whether the auth delegate has been used.

- (BOOL)webView:(UIWebView *)webView shouldStartLoadWithRequest:(NSURLRequest *)request navigationType:(UIWebViewNavigationType)navigationType;
{
    NSLog(@"Did start loading: %@ auth:%d", [[request URL] absoluteString], _authed);

    if (!_authed) {
        _authed = NO;
        /* pretty sure i'm leaking here, leave me alone... i just happen to leak sometimes */
        [[NSURLConnection alloc] initWithRequest:request delegate:self];
        return NO;
    }

    return YES;
}

- (void)connection:(NSURLConnection *)connection didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge;
{
    NSLog(@"got auth challange");

    if ([challenge previousFailureCount] == 0) {
        _authed = YES;
        /* SET YOUR credentials, i'm just hard coding them in, tweak as necessary */
        [[challenge sender] useCredential:[NSURLCredential credentialWithUser:@"username" password:@"password" persistence:NSURLCredentialPersistencePermanent] forAuthenticationChallenge:challenge];
    } else {
        [[challenge sender] cancelAuthenticationChallenge:challenge];
    }
}

- (void)connection:(NSURLConnection *)connection didReceiveResponse:(NSURLResponse *)response;
{
    NSLog(@"received response via nsurlconnection");

    /** THIS IS WHERE YOU SET MAKE THE NEW REQUEST TO UIWebView, which will use the new saved auth info **/

    NSURLRequest *urlRequest = [NSURLRequest requestWithURL:[NSURL URLWithString:]];

    [_webView loadRequest:urlRequest];
}

- (BOOL)connectionShouldUseCredentialStorage:(NSURLConnection *)connection;
{
    return NO;
}

Solution 2:

You can also provide your credentials in the url. Just add username and password between 'http://' and 'page url'. 

NSString *urlString = @"http://username:[email protected]/home";
[webview loadRequest:[NSURLRequest requestWithURL:[NSURL URLWithString:urlString]]];

Solution 3:

as you know, UIWebView does not provide opportunities to communicate with the server. I solved this problem this way: in the delegate method shouldStartLoadWithRequest of UIWebView I initiating another connection with NSURLConnection, and already in the method of the delegate NSURLConnection didReceiveAuthenticationChallenge processed the сhallenge from the server. Аnd in the method didReceiveResponse (if the challenge came) then again in the same UIWebView load the same URL (challenge has already been processed:). Do not forget to cancel connection in didReceiveResponse, otherwise it will double the traffic.

Solution 4:

if you are experiencing symptoms of what Zach described in the comments of Sahil's answer:

as y5h said as well, add `_authed = YES' to the didReceiveResponse method which will stop the infinite looping. even if the auth wasnt successful you need to treat it as if it was authed so it will try continuing loading the page if no authentication is required, if authentication was really required, then it will just fail like normal.

for the second symptom where the shouldStartLoadWithRequest: fires multiple times (due to embedded content on the webpage) and it will just show the last thing that loaded and not the whole web page, do this:

in the shouldStartLoadWithRequest: method, add this to the top

if(webview.loading){ //if url requests come through while its loading, its probably embedded content
    return YES;
}

edit: this above method has issues if the page fully loads, and then loads more embedded content afterwards, breaks with facebook which is the only case ive seen so far

this will let urls through while the website is trying to load. im not sure if its safe to assume that every url after the initial request is embedded content, but for my purposes it seemed to work, so maybe it will for you as well.

also, use 

- (void) connection:(NSURLConnection *)connection willSendRequestForAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge

because

connection:canAuthenticateAgainstProtectionSpace:
connection:didReciveAuthenticationChallenge:
connection:didCancelAuthenticationChallenge:

are depricated, and for me, you could not authenticate with https websites using them

Related

Where should I do Injection with Ninject 2+ (and how do I arrange my Modules?)
How can I see the full expanded contract of a Typescript type?
What is the significance of url-pattern in web.xml and how to configure servlet?
How to prevent closing browser window?
java.sql.SQLException: Access denied for user 'root'@'localhost' (using password: YES)
How to specify a compiler in CMake?
Remove category & tag base from WordPress url - without a plugin
Whether to use "SET NAMES"
How do I run git rebase --interactive in non-interactive manner?
Move / Copy File Operations in Java
How to loop through selected elements with document.querySelectorAll
What is the difference between Dim, Global, Public, and Private as Modular Field Access Modifiers?