Logging in without displaying a login page

Question

I am writing an app which will display articles at a membership based website.

We want the app to be able to read and display articles that are set as "members only" - even if the app owner is not a member.

So I want to be able to login without showing the app user any user or password info.

When I try to access a members only article , I get a redirect, but I do not get an authentication challenge.

Any ideas how I can get my app to login automatically?

Here's what the form looks like. Do I have to include all of the input values in my POST request?

<FORM ACTION="https://www.mysite.com/cgi-bin/mysite/process" METHOD=POST>
<input type="hidden" NAME="mv_todo"  VALUE="return">
<input type="hidden" name="mv_session_id" value="DySUxWM5">
<INPUT TYPE="hidden" name="mv_success_variable_hash" VALUE="">
<INPUT TYPE="hidden" name="mv_success_variable_hash_colon" VALUE="">
<INPUT TYPE="hidden" NAME="mv_successpage" VALUE="index">
<input type="hidden" name="mv_failpage" value="login">

<input value="1942255628Hx0xE2S5iCw0caMyNmrf7j2ROvvM0QUJoEVLVz+2PRq4Jjs4azdjrjWSnwN7JkIr" name="form_fn" type="hidden"><input value="login" name="form_page" type="hidden"><input value="1" name="login_form_2_revisit" type="hidden"><table cellpadding="4" class="standard_form">
<tr><td colspan="2"><font color=red><b>New Visitors:</b></font> <a href="http://www.mysite.com/cgi-bin/mysite/account_create.html"&gt;Create a new account</a></td></tr>
<tr><td class="standard_form_field"><b>Username:</b></td>
<td colspan="1"><input maxlength="64" name="mv_username" onChange="if (this.value.match(/(^\s+)|(\s+$)/)){this.value = this.value.replace(/(^\s+)|(\s+$)/g,'');}if (this.value.match(/^$/) && !this.getAttribute('js_init_now')) {alert('This is a required field. Please make sure that it is not empty.'); this.focus();this.select();return false; }; " type="text" size="15"></td></tr>

<tr><td class="standard_form_field">Password:</td>
<td colspan="1"><input name="mv_password" type="password" size="15"></td></tr>
<tr><td colspan="2"><input value="1" name="persistent_login" type="checkbox"> Remember my login info.</td></tr>
<tr><td colspan="2"><input value="" name="login_complete_param" type="hidden"> <input value="Continue..." name="ig_click form-method:continue" type="submit" class="coolButton"></td></tr>
</table>
<p ></p>

</form>

Answer 1

Not sure on how your site is authenticating... But since you mentioned being redirected I assume its via some webform.

When I had to do something similar, I had a single object that takes care of the webrequests, and it took care of the redirection to the login page, then continued onto the actual page before sending a response to the consumer of the object.

The interesting bits would be in:

- (NSURLRequest *)connection:(NSURLConnection *)connection willSendRequest:(NSURLRequest *)request redirectResponse:(NSURLResponse *)redirectResponse { ... 

I did:(psuedo-ish code)

NSURL* redirected_url = [request URL] ;
NSString* querystr = [redirected_url query] ;
if ( [self need_to_login:redirected_url] )  {
    NSString* body = [self generate_login_body_string] ;
    request = [self makeRequestLocation:@"/sign_in" Method:@"POST" Body:body] ;
}
return request ;

Where the String for body was the www-form encoded params that the web form would have generated in the browser. The site had a next_url param that had the page to forward to when the login was correct.
Later in the code I check to make sure the login was success, but checking to see if I was redirected to the correct page or redirected to the bad login page.

Answer 2

Use the http://allseeing-i.com/ASIHTTPRequest/ library its alot easier to use then the standard NSURL requests. Also there is alot of really good sample code if you like seeing a working example. I used it on a project recently and it works really well i had to login to a site automatically and it worked perfectly. Good Luck.

Edit:

Looking at the form you just posted. This code should help you it is how you would submit the form using the ASIHTTPREQUEST library. This should get you started... :D

NSURL *url = [NSURL URLWithString:@"https://www.mysite.com/cgi-bin/mysite/process"];
ASIFormDataRequest *requestPOST = [ASIFormDataRequest requestWithURL:url];
[requestPOST setPostValue:@"return" forKey:@"mv_todo"];
[requestPOST setPostValue:@"DySUxWM5" forKey:@"mv_session_id"];
[requestPOST setPostValue:@"" forKey:@"mv_success_variable_hash"];  
[requestPOST setPostValue:@"" forKey:@"mv_success_variable_hash_colo"];
[requestPOST setPostValue:@"index" forKey:@"mv_successpage"];                   
[requestPOST setPostValue:@"login" forKey:@"mv_failpage"];                 
[requestPOST setPostValue:@"942255628Hx0xE2S5iCw0caMyNmrf7j2ROvvM0QUJoEVLVz+2PRq4Jjs4azdjrjWSnwN7JkIr" forKey:@"form_fn"];
[requestPOST setPostValue:@"login" forKey:@"form_page"];
[requestPOST setPostValue:@"1" forKey:@"login_form_2_revisit"];
[requestPOST setPostValue:@"PUT YOUR USERNAME VARIABLE IN HERE" forKey:@"mv_username"];
[requestPOST setPostValue:@"PUT YOUR PASSWORD VARIABLE IN HERE" forKey:@"mv_password"];
[requestPOST setPostValue:@"1" forKey:@"persistent_login"];
[requestPOST setPostValue:@"" forKey:@"login_complete_param"];
[requestPOST setPostValue:@"Continue..." forKey:@"ig_click form-method:continue"];
[requestPOST start];