iPhone: Is it possible to open a password-protected file using openURL?

Question

Title pretty much says it all. My app has the URL and password for the file myFile.ext, located at:

https://myserver.com/stuff.cgi?db=mydb

I want to create an NSURL object which, if passed to UIApplication's canOpenURL and openURL methods, will result in appropriate behavior.

Is this possible? If so how? And are there security issues I should be aware of?

EDIT FOR CLARIFICATION:

The following code produces a URL request which, when sent to the server, successfully causes app to download the file. But what I want to do is open it with openURL.

+ (NSMutableURLRequest *) requestForFileNamed: (NSString *) filename {
    NSString *url = [NSString stringWithFormat:@"%@&user=%@&getbinfile=%@", serverLocation, username, filename];
    NSString *body = [NSString stringWithFormat:@"password=%@", password];
    return [XMLRequestBuilder postRequestWithURL:url body:body];
}

XMLRequestBuilder methods:

+ (NSMutableURLRequest *) requestWithURL: (NSString *) url body: (NSString *) body method: (NSString *) method {
    NSURL * theURL = [NSURL URLWithString:url];
    NSMutableURLRequest * ret = [NSMutableURLRequest requestWithURL:theURL];
    [ret setHTTPBody:[body dataUsingEncoding:NSUTF8StringEncoding]];
    [ret setHTTPMethod: method];
    [ret setTimeoutInterval:kDefaultTimeoutInterval];
    return ret;
}


+ (NSMutableURLRequest *) postRequestWithURL: (NSString *) url body: (NSString *) body {
    return [XMLRequestBuilder requestWithURL:url body:body method:@"POST"];
}

Answer 1

Assuming (as @bodnarbm pointed out) that you want HTTP authentication it's fairly straight forward. Simply implement didReceiveAuthenticationChallenge. Here's a sample from Apple's docs:

Just change [self preferencesName] and [self preferencesPassword] to your username/pwd.

-(void)connection:(NSURLConnection *)connection
        didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge
{
    if ([challenge previousFailureCount] == 0) {
        NSURLCredential *newCredential;
        newCredential=[NSURLCredential credentialWithUser:[self preferencesName]
                                                 password:[self preferencesPassword]
                                              persistence:NSURLCredentialPersistenceNone];
        [[challenge sender] useCredential:newCredential
               forAuthenticationChallenge:challenge];
    } else {
        [[challenge sender] cancelAuthenticationChallenge:challenge];
        // inform the user that the user name and password
        // in the preferences are incorrect
        [self showPreferencesCredentialsAreIncorrectPanel:self];
    }
}

And here's the link: http://developer.apple.com/mac/library/DOCUMENTATION/Cocoa/Conceptual/URLLoadingSystem/Tasks/UsingNSURLConnection.html

UPDATE: From your comment above it doesn't look like you are using HTTP Authentication (so my code above doesn't apply to you, but I'll leave it to possibly help someone else).

Back to your problem: Are you setting the HTTP method header value to 'POST' in the request? Why are you trying to send the pwd in the body (as POST should) yet the other parameters are in the URL (as GET)? Move the other parameters to the body of the POST request. If you post your code it may be easier to see where you are going wrong.