1

My app pulls data from a website which uses Form based authentication. It needs to transparently react to a redirection to the login page & provide the requested credentials via a POST request.

I've previously used ASIHTTPREQUEST & then gone through a process of checking the url to see if I've been redirected to the authentication page & if so sending the POST request with the login form variables & then making the original request again. It works but is a bit of a hack.

I'm presently moving my code over to AFNetworking & wondering if there is a more elegant way of achieving this, perhaps injecting an auth header? to get AFHTTPClient to trigger the authentication delegate methods when a redirect to the auth page occurs & then posting the form. Here's a bit of pseudo code:

- (void)requestFinished:(ASIHTTPRequest *)request {
if ([Connection isAuthURL:[request url]])
{
 // If so have we just tried to login ?
 if ( requestState == requestStateSendingLoginCredentials )
 {
 // Login Failed - tried to login & been redirected back to login page
 [self requestFailed:request];
 }
 else
 {
 // We have been directed to login page after a page request
 requestState = requestStateSendingLoginCredentials
 [self postLoginForm:request];
 }
}
else 
{ // Not the authentication page
 if ( requestState == requestStateSendingLoginCredentials )
 { // We must have successfully logged in
 requestState = requestStateSuccessful;
 // If it was a form we need to post again now were logged in.
 if ([lastRequest isAForm])
 {
 // If original request that triggered the login was a POST request
 // we have to re-send it.
 [self requestURL:nil]; // This will send the last request again
 return;
 }
 }
 if (requestState == requestStateSuccessful)
 {
 [self processResponse:request];
 }
}
asked May 23, 2012 at 16:06

1 Answer 1

3

Make things easy on yourself and use what HTTP gives you.

HTTP defines status codes that tell you whether a request was successful (200) or if they require authorization (401).

Store your credentials in an Authorized HTTP header for your shared AFHTTPClient instance, and you'll be authenticated for all subsequent calls.

Or, if those aren't doing it, you can use AFURLConnection -setAuthenticationChallengeBlock: to respond to authentication challenges.

answered May 24, 2012 at 17:11
4
  • Problem is I don't get a 401 for authentication. I get a 200 after redirecting to the login page. How could I get the AFURLConnection -setAuthenticationChallengeBlock: to fire when this occurs? Commented May 24, 2012 at 20:57
  • Well, the authentication callbacks only work if the server sends any indication that authentication is supposed to happen. Maybe you can hook into the redirect by providing a hook, using the just-added redirect response block property. Commented May 25, 2012 at 23:05
  • Either way, since if you have any ability to change the server backend or use a proper API instead, that would make things much, much easier. Commented May 25, 2012 at 23:07
  • Thanks mattt, I can't touch server so I'll try playing with the redirect response block. Commented May 26, 2012 at 7:03

Your Answer

Draft saved
Draft discarded

Sign up or log in

Sign up using Google
Sign up using Email and Password

Post as a guest

Required, but never shown

Post as a guest

Required, but never shown

By clicking "Post Your Answer", you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.