我可以使用NSURLCredentialStorage HTTP基本验证？ [英] Can I use NSURLCredentialStorage for HTTP Basic Authentication?

问题描述

我有一个可可类设置，我想用来连接到一个RESTful Web服务我建设。我决定使用HTTP基本验证我的PHP后台像这样...

I have a cocoa class set up that I want to use to connect to a RESTful web service I'm building. I have decided to use HTTP Basic Authentication on my PHP backend like so…

<?php
if (!isset($_SERVER['PHP_AUTH_USER'])) {
    header('WWW-Authenticate: Basic realm="My Realm"');
    header('HTTP/1.0 401 Unauthorized');
    //Stuff that users will see if they click 'Cancel'
    exit;
}
else {
    //Validation Code
    echo "You entered info.";
}
?>

在这一点上，我使用的是同步NSURLConnection的，我的理解苹果的文档状态有认证的支持较少。

At this point I'm using a synchronous NSURLConnection, which I understand the Apple documentation states has less support for Authentication.

但是，它甚至有可能在所有？我能做的cookie认证很容易SANS NSURLProtectionSpaces或NSURLCredentials或任何身份验证类。此外，是否有任何资源在那里我可以阅读更多有关可可认证类？

But is it even possible at all? I can do cookie authentication very easily sans NSURLProtectionSpaces or NSURLCredentials or any of the authentication classes. Also, are there any resources where I can read more about the Cocoa Authentication classes?

感谢。

更新：mikeabdullahuk
您提供的code（第二个例子）几乎等同于我所写的。我做得更多一些调查，并且发现NSURLConnection的返回错误...

UPDATE: mikeabdullahuk The code you supplied (the second example) is almost identical to what I had written. I have done some more investigating, and discovered that the NSURLConnection is returning an error…

Error Domain=NSURLErrorDomain Code=-1012 UserInfo=0x1a5170 "Operation could not be completed. (NSURLErrorDomain error -1012.)"

在code对应NSURLErrorUserCancelledAuthentication。因此很明显，我的code未访问NSURLCredentialStorage，而是被取消认证。可这有什么用PHP进行HTTP认证的功能呢？我很困惑在这一点上。

The code corresponds to NSURLErrorUserCancelledAuthentication. So apparently my code is not accessing the NSURLCredentialStorage and instead is canceling the authentication. Could this have anything to do with the PHP HTTP Authentication functions? I'm quite confused at this point.

推荐答案

一个同步 NSURLConnection的绝对会以 NSURLCredentialStorage 。这里是如何的东西平时的工作：

A synchronous NSURLConnection will absolutely work with NSURLCredentialStorage. Here's how things usually work:

1. NSURLConnection的从服务器请求页


2. 服务器以401响应
回复

3. NSURLConnection的外观，看看有什么凭据可以从网址
搜集

4. 如果该URL那样的不可以提供完整的凭据（用户名和密码）， NSURLConnection的亦会征询 NSURLCredentialStorage 来填补空白


5. 如果完整凭据具有的还是的尚未确定， NSURLConnection的将发送 -connection：didReceiveAuthenticationChallenge：委托方法要求凭据


6. 如果在 NSURLConnection的现在终于有了完整的凭据，它重试原来的请求，包括授权数据。

1. NSURLConnection requests the page from the server
2. The server replies with a 401 response
3. NSURLConnection looks to see what credentials it can glean from the URL
4. If the URL did not provide full credentials (username and password), NSURLConnection will also consult NSURLCredentialStorage to fill in the gaps
5. If full credentials have still not been determined, NSURLConnection will send the -connection:didReceiveAuthenticationChallenge: delegate method asking for credentials
6. If the NSURLConnection now finally has full credentials, it retries the original request including authorization data.

通过使用同步连接方法，您仅失去了第5步，为客户提供定制认证的能力。所以，你可以$ P $在URL中对提供身份验证凭据，或将它们放在 NSURLCredentialStorage 发送请求之前。例如。

By using the synchronous connection method, you only lose out on step 5, the ability to provide custom authentication. So, you can either pre-provide authentication credentials in the URL, or place them in NSURLCredentialStorage before sending the request. e.g.

NSURLRequest *request =
  [NSURLRequest requestWithURL:[NSURL URLWithString:@"http://user:pass@example.com"]];

[NSURLConnection sendSynchronousRequest:request returningResponse:NULL error:NULL];

或

NSURLCredential *credential = [NSURLCredential credentialWithUser:@"user"
                                                         password:@"pass"
                                                      persistence:NSURLCredentialPersistenceForSession];

NSURLProtectionSpace *protectionSpace = [[NSURLProtectionSpace alloc]
  initWithHost:@"example.com"
  port:0
  protocol:@"http"
  realm:nil
  authenticationMethod:nil];


[[NSURLCredentialStorage sharedCredentialStorage] setDefaultCredential:credential
                                                    forProtectionSpace:protectionSpace];
[protectionSpace release];

NSURLRequest *request =
  [NSURLRequest requestWithURL:[NSURL URLWithString:@"http://example.com"]];

[NSURLConnection sendSynchronousRequest:request returningResponse:NULL error:NULL];

这篇关于我可以使用NSURLCredentialStorage HTTP基本验证？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！