All geek questions in one place

How to implement NTLM authentication for UIWebView?

I have a use case where a UIWebView may need to connect to an NTLM-protected web server. I also have a use case when I already have the credentials that need to be transferred. Therefore, instead of forcing the user to enter them, how to perform a handshake using UIWebView ?

UPDATE:

Using this method here works quite well when you execute simple GET requests, but completely fail when doing POST, because the fact that it performs GET after it is sent.

ASIHttpRequest and ASIWebPageRequest have similar problems. GET requests work wonders, but any POST files just don't work. If only the world worked only with GET requests.

I was able to use this method including the username and password in the HTTP request line, but it is so rudely unsafe to ignore the reason for using it. Using the sniffer, I see that a three-way handshake occurs without any problems with GET requests, so and with POST.

+5
source share
4 answers

Like iOS 3.2 and 4.1, there is no public delegate to intercept an NTLM call. However, there is a private API that can be overestimated to provide appropriate support for this. Since this will put your application at risk of being rejected, I will refuse to publish the code because it is not currently worth developing for the App Store.

+1
source

You can set default credentials:

 NSURLProtectionSpace *protectionSpace = [[NSURLProtectionSpace alloc] initWithHost: _host port: 80 protocol: @"http" realm: _host authenticationMethod:NSURLAuthenticationMethodNTLM]; [[NSURLCredentialStorage sharedCredentialStorage] setDefaultCredential:[NSURLCredential credentialWithUser:_username password:_password persistence:NSURLCredentialPersistenceForSession] forProtectionSpace:protectionSpace];

Now you can let your webviews complete the request, and when it encounters your protenctionSpace, it will log in using the specified credentials

+2
source

If you want to try some experimental code, you can use ASIWebPageRequest .

It would be a little hack, since you would have to load the contents of the page using ASIWebPageRequest, load it into a UIWebView, and then capture any clicks on the links in the web view and repeat this process again (if the contents of the URL require authentication). In addition, I think you will have to manage your own history stack.

I don't think it will be easy, but it seems doable, and it looks like it should work as long as the ASIWebPageRequest code is not too buggy or limited.

0
source

UIWebView does not support authentication at all. Prior to iPhone OS 3.1, you could add credentials to a central credential store, and UIWebView would at least work with basic authentication. But, starting with iOS 4.0, I don’t see the possibility of using authentication (except for authentication based on cookies or URLs).

-1
source

Source: https://habr.com/ru/post/943717/

More articles:


All Articles