I have a use case where a UIWebView may need to connect with a web server secured with NTLM. I also have a use case where I already have the credentials to be passed. So instead of forcing the user to enter them, how do I perform the handshake with the UIWebView?

UPDATE:

Using this method here works well enough when you are doing simple GET requests, but utterly fails when doing POSTs, for the mere fact that it is doing a GET after it is posted.

The ASIHttpRequest and ASIWebPageRequest have the same problem. GET requests work wonders, but any POSTs just don't work. If only the world worked on just GET requests.

I have been able to use this method of including the username and password in the HTTP request string, but that is so grossly insecure as to defy reason for using it. Using a sniffer I am able to see the three-way handshake occur without any problems on both GET and POST requests.

A: 

UIWebView doesn't support authentication at all. Up to iPhone OS 3.1, you could add credentials to the central credential storage and UIWebView would at least work with basic authentication. But starting with iOS 4.0, I don't see any way to use authentication (except cookie or URL based forms authentication).

Codo
A: 

If you're willing to try some experimental code, you could use ASIWebPageRequest.

It would be a bit hacky, as you'd have to download the page content with ASIWebPageRequest, load it into a UIWebView, then capture any link clicks in the web view and repeat the process again (if the content at the URL requires authentication). Also, I think you'd have to manage your own history stack.

I don't think it would be easy, but it does seem doable, and it seems like it should work as long as the ASIWebPageRequest code isn't too buggy or limited.

Robot K
I have been playing with his classes, but not that specific one. I'll give it a try.
Wayne Hartman
Does not work with POSTs.
Wayne Hartman
Dangit. You could try what's described here: http://stackoverflow.com/questions/3918512/objective-c-webkit-external-files-causing-401/3919181#3919181, but I have no idea which (if any) authentication method corresponds to NTLM.
Robot K
Nothing seemed to work with the code that you posted in that other question, even after I fixed the compilation probs. :P
Wayne Hartman
At this point, I would file a bug at http://bugreport.apple.com. Beyond that, I have no clue.
Robot K
A: 

As of iOS 3.2 and 4.1, there is no public delegate for intercepting the NTLM challenge. There is, however, a private API that can be overridden to give proper support for this. Since this would put your application in danger of being rejected, I will forgo posting the code because it is of no worth for App Store development at the present time.

Wayne Hartman