tags:

views:

33

answers:

1
Q: 

iOS: How to make a secure HTTPS connection to pass credentials?

I am creating my first iPad app. I have a web application that I would like to authenticate against and pull data from in a RESTful way.

If you open up the URL in the browser (https://myapp.com/auth/login), you will get a form to enter your username and password. I was thinking I could set the login credentials in the post data of the request and submit the data.

The site uses HTTPS for login so that credentials aren't passed in plain text over the internet.

How can I make a secure HTTPS connection to pass credentials? Will this remember that I am logged in for future requests? What is the best way to do this?

+1  A: 

A lot of people use the ASIHTTPRequest class to deal with http & https on the iphone/ipad, as it has a lot of useful features that are difficult or time consuming to achieve with the built in classes:

http://allseeing-i.com/ASIHTTPRequest/

Starting at the simplest level you'd start with something like:

  NSURL *url = [NSURL URLWithString:@"http://allseeing-i.com"];
  ASIHTTPRequest *request = [ASIHTTPRequest requestWithURL:url];

  [request startSynchronous];
  NSError *error = [request error];
  if (!error) {
      NSString *response = [request responseString];
      NSLog(@"response = %@", response);
  }

If you're using HTTP authentication, ASIHTTPRequest will automatically prompt the user for the username and password.

IF you're using some other form of authentication you probably need to request the username and password from the user yourself, and submit them as a POST value or a custom http header, and then the response may either include a token in a JSON or XML response, or it could set a cookie.

If you add more details as to how the authentication scheme works I can be a bit more specific.

Update

Based on the update, to emulate a POST form you'd just need to add lines like:

[request addPostValue:usernameString forKey:@"username"];
[request addPostValue:passwordString forKey:@"password"];

You will also need to create the way you create the request, instead of:

  ASIHTTPRequest *request = [ASIHTTPRequest requestWithURL:url];

do:

  ASIFormDataRequest *request = [ASIFormDataRequest requestWithURL:url];

(I also forget to mention it above, there's code I put earlier is using a synchronous request, so you'd want to replace it with an asyncronous one to avoid blocking the UI once you'd proved it was working.)

There's a JSON framework for the iphone here:

http://code.google.com/p/json-framework/

which works well for me and is simple to use with ASIHTTPRequest.

JosephH  2010-08-18 08:25:27
I added a little more explanation. The application is not basic HTTP authentication. It's a form displayed on a webpage that you enter your credentials. I am trying to tweak it so it can act as a RESTful API that I can authenticate against and query for data (that will be returned in JSON format).
Andrew  2010-08-18 20:03:19
Okay, I've updated my answer with a bit more detail. Essentially it should all be quite straightforward with ASIHTTPRequest.
JosephH  2010-08-18 20:36:08
So, once I've "posted" the request to /auth/login, will my iPhone app remember that it is authenticated? In the browser, there are cookies that get set. In other words, now that I'm "authenticated", can I make another request that requires you to be authenticated? (i.e. GET /users/all)
Andrew  2010-08-19 19:09:34
Actually...I think you might have answered that question already in your first post. It looks like cookies are supported. I will have to try it out and see how it works.
Andrew  2010-08-19 19:20:26
I'm getting warnings in XCode saying "ASIHTTPRequest may not respond to -addPostValue:forKey". What am I doing wrong?
Andrew  2010-08-20 00:10:39
Apologies, my mistake - it should be an ASIFormDataRequest you create for this, not an ASIHTTPRequest... I'll update the answer with the needed line.
JosephH  2010-08-20 08:53:12
Yes, I believe the cookies will just work. btw: the documentation for ASIHTTPRequest is very good if you've not already come across it - it's here: http://allseeing-i.com/ASIHTTPRequest/How-to-use
JosephH  2010-08-20 08:55:01

related questions

How do we get arround Apple's decission to skip sms templates for iPhone?
iPhone App Crashing - Error Question
Can I write native iPhone apps using Python
Does the Iphone 1/2 have a compass inside?
How do you beta test an iphone app?
Is it just the iPhone simulator that is restricted to intel only Mac's?
iPhone App Minus App Store?
Deleting messages from Exchange IMAP mailbox on iPhone
Is there a multiplatform framework for developing iPhone / Android applications?
How can I launch the Google Maps iPhone application from within my own native application?
Tips for a successful AppStore submission?
iPhone app that access the Core Location framework over web
Virtual Mac?
What's a good machine for iPhone development?
How can I develop for iPhone using a Windows development machine?
Recommended iPhone Development Resources
Best Wiki for Mobile Users
How to programmatically send SMS on the iPhone?
iPhone - Exchange Calendars in Public Folders
iPhone web applications, templates, frameworks?
Understanding reference counting with Cocoa / Objective C
How-to articles for iPhone development, Objective-C
What are the correct pixel dimensions for an apple-touch-icon?
How do I give my web sites an icon for iPhone?
iPhone app in landscape mode