1

I'm fetching an http document through a Squid proxy with Basic Auth, using an instance of objective-c's NSURLSession class on iOS8.

I have implemented delegate methods for both URLSession:didReceiveChallenge:completionHandler: and URLSession:task:didReceiveChallenge:completionHandler:, and declared the class as implementing both NSURLSessionDelegate and NSURLSessionTaskDelegate. My URLSession:task:didReceiveChallenge:completionHandler: method does get called, but only after the OS has presented the user with a default dialog box requesting Auth for the HTTP proxy, and Cancel is pressed.

Anyone know why my method isn't called first? I would expect the default handling to happen only in the case that my delegate doesn't implement that method, or the method calls completionHandler(NSURLSessionAuthChallengePerformDefaultHandling).

Jeff
  • 6,646
  • 5
  • 27
  • 33
  • Are you expecting the user to provide credentials unique to them, or are you using shared credentials for your app? If the latter, have you tried supplying the credentials on the initial request? – Mike Taverne Feb 24 '15 at 04:53
  • Shared credentials for the app. I don't mind nailing them onto the initial request, and that ultimately might be more efficient, but doesn't it seem like there should be a way to have the delegate method invoked before involving the user? – Jeff Feb 24 '15 at 06:58
  • According to the documentation, the delegate method should be fired. I'm using Basic auth with NSURLSession on iOS8, but I am setting the Authorization header before submitting the request, and it works great for me. I am calling dataTaskWithURL and I am not setting myself as a delegate. I am using the defaultSessionConfiguration. – Mike Taverne Feb 24 '15 at 08:18
  • Ah - so the server is sending 407 and asking for 'proxy-authentication' but Apple does not consider that an auth challange: https://developer.apple.com/library/ios/documentation/Cocoa/Conceptual/URLLoadingSystem/Articles/AuthenticationChallenges.html Important: The URL loading system classes do not call their delegates to handle request challenges unless the server response contains a WWW-Authenticate header. Other authentication types, such as proxy authentication and TLS trust validation do not require this header. – Jeff Feb 26 '15 at 01:31
  • Apple's documentation, "It also transparently supports both proxy servers and SOCKS gateways using the user’s system preferences." So this is Apple doing me a big favor. Arg. – Jeff Feb 26 '15 at 01:52
  • Interesting. So did you get it working somehow? – Mike Taverne Feb 26 '15 at 05:55

0 Answers0