CODEWITHSUNDEEP
iosiisiis-7
malamirada
malamirada

Reputation: 121

iOS "didReceiveAuthenticationChallenge" against IIS7 and Windows 2008

I'm having some problems with authentication in iOS programming. I have a code that works perfectly against IIS6 on Windows 2003, but does not work on Windows Server 2008 with IIS7. Security options are the same on both servers (no anonymous access and "Integrated Windows authentication").

Here is the code of the "didReceiveAuthenticationChallenge" delegate:

-(void)connection:(NSURLConnection *)connection didReceiveAuthenticationChallenge:
(NSURLAuthenticationChallenge *)challenge 
{
//USE STORED CREDENTIALS
Credentials* cred = [[Credentials alloc] init];
NSString* userName = cred.userName;
NSString* pass = cred.pass;

NSString* authMethod = [[challenge protectionSpace] authenticationMethod];

//Kerberos (Negotiate) needs "user@realm" as username
//NTLM Needs domain\\username
if ([authMethod isEqualToString:NSURLAuthenticationMethodNTLM]) {
    userName = [NSString stringWithFormat:@"%@%@", @"es\\" , userName];
}
if ([authMethod isEqualToString:NSURLAuthenticationMethodNegotiate]) {
    userName = [NSString stringWithFormat:@"%@%@", userName, @"@subdomain.domain.com"];
}

NSLog(@"Auth method in use: %@" , authMethod);
NSLog(@"User: %@" , userName);
NSLog(@"Pass: %@" , pass);

if ([challenge previousFailureCount] <= 1) {
    NSLog(@"received authentication challenge");
    NSURLCredential *credential;
    credential = [NSURLCredential 
                     credentialWithUser:userName 
                     password:pass
                     persistence:NSURLCredentialPersistenceForSession];        

    [[challenge sender] useCredential:credential forAuthenticationChallenge:challenge];

}
else {
    NSLog(@"Authentication error");
    NSLog(@"Failed login with status code: %d", [(NSHTTPURLResponse*)[challenge failureResponse]statusCode]);
    [[challenge sender] cancelAuthenticationChallenge:challenge];   
}

}

Upvotes: 4

Views: 2095

Answers (1)

malamirada
malamirada

Reputation: 121

Finally, I found the bug... The problem is related to the Authentication method on the Windows 2008 IIS7 Servers.

When you use the "Integrated Windows Authentication", the server can use NTLM or Kerberos. My 2008 servers always use kerberos, even if Kerberos is not configured on these machines.

The solution was edit IIS Metabase to force NTML Authentication.

Upvotes: 2

Related Questions