How to display the Authentication Challenge in UIWebView?

StackOverflow https://stackoverflow.com/questions/1769888

Question

I am trying to access a secure website through UIWebView. When I access it through safari, i get an authentication challenge but the same does not appear in my UIWebView in the application. How can I make it appear?

Any pointers, sample code or links will be very helpful. Thanks a lot.

Was it helpful?

Solution

It's actually super easy... I'm sure you can just show a UIAlertView when the auth challenge delegate is shown (or prior to loading the URL, if you know for sure that the URL you're hitting will prompt for auth login info). Anyways, the trick is to create your own NSURLConnection and I do some logic to save whether the auth delegate has been used.

- (BOOL)webView:(UIWebView *)webView shouldStartLoadWithRequest:(NSURLRequest *)request navigationType:(UIWebViewNavigationType)navigationType;
{
    NSLog(@"Did start loading: %@ auth:%d", [[request URL] absoluteString], _authed);

    if (!_authed) {
        _authed = NO;
        /* pretty sure i'm leaking here, leave me alone... i just happen to leak sometimes */
        [[NSURLConnection alloc] initWithRequest:request delegate:self];
        return NO;
    }

    return YES;
}

- (void)connection:(NSURLConnection *)connection didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge;
{
    NSLog(@"got auth challange");

    if ([challenge previousFailureCount] == 0) {
        _authed = YES;
        /* SET YOUR credentials, i'm just hard coding them in, tweak as necessary */
        [[challenge sender] useCredential:[NSURLCredential credentialWithUser:@"username" password:@"password" persistence:NSURLCredentialPersistencePermanent] forAuthenticationChallenge:challenge];
    } else {
        [[challenge sender] cancelAuthenticationChallenge:challenge];
    }
}

- (void)connection:(NSURLConnection *)connection didReceiveResponse:(NSURLResponse *)response;
{
    NSLog(@"received response via nsurlconnection");

    /** THIS IS WHERE YOU SET MAKE THE NEW REQUEST TO UIWebView, which will use the new saved auth info **/

    NSURLRequest *urlRequest = [NSURLRequest requestWithURL:[NSURL URLWithString:]];

    [_webView loadRequest:urlRequest];
}

- (BOOL)connectionShouldUseCredentialStorage:(NSURLConnection *)connection;
{
    return NO;
}

OTHER TIPS

You can also provide your credentials in the url. Just add username and password between 'http://' and 'page url'. 

NSString *urlString = @"http://username:password@domain.com/home";
[webview loadRequest:[NSURLRequest requestWithURL:[NSURL URLWithString:urlString]]];

as you know, UIWebView does not provide opportunities to communicate with the server. I solved this problem this way: in the delegate method shouldStartLoadWithRequest of UIWebView I initiating another connection with NSURLConnection, and already in the method of the delegate NSURLConnection didReceiveAuthenticationChallenge processed the сhallenge from the server. Аnd in the method didReceiveResponse (if the challenge came) then again in the same UIWebView load the same URL (challenge has already been processed:). Do not forget to cancel connection in didReceiveResponse, otherwise it will double the traffic.

if you are experiencing symptoms of what Zach described in the comments of Sahil's answer:

as y5h said as well, add `_authed = YES' to the didReceiveResponse method which will stop the infinite looping. even if the auth wasnt successful you need to treat it as if it was authed so it will try continuing loading the page if no authentication is required, if authentication was really required, then it will just fail like normal.

for the second symptom where the shouldStartLoadWithRequest: fires multiple times (due to embedded content on the webpage) and it will just show the last thing that loaded and not the whole web page, do this:

in the shouldStartLoadWithRequest: method, add this to the top

if(webview.loading){ //if url requests come through while its loading, its probably embedded content
    return YES;
}

edit: this above method has issues if the page fully loads, and then loads more embedded content afterwards, breaks with facebook which is the only case ive seen so far

this will let urls through while the website is trying to load. im not sure if its safe to assume that every url after the initial request is embedded content, but for my purposes it seemed to work, so maybe it will for you as well.

also, use 

- (void) connection:(NSURLConnection *)connection willSendRequestForAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge

because

connection:canAuthenticateAgainstProtectionSpace:
connection:didReciveAuthenticationChallenge:
connection:didCancelAuthenticationChallenge:

are depricated, and for me, you could not authenticate with https websites using them

I would like to suggest another answer using the following pod: https://github.com/jivesoftware/JiveAuthenticatingHTTPProtocol

It contains an example showing how to use a UIAlertView to ask the user for the password, and could easily be adapted to return a saved password from a local DB for instance.

Disclaimer: I am in no way affiliated with Jive nor have I ever been, this is just a suggestion of a tool that helped me after struggling for days on this.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top