Home/ Questions/Q 6654679
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-26T01:25:05+00:00

If I know that authentication is required for my server API, is it faster/better

  • 0

If I know that authentication is required for my server API, is it faster/better to directly force authentication using http header instead of waiting for the server to return 401 response and then respond to it inside NSURLConnection delegate method connection:didReceiveAuthenticationChallenge:?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    The “easier way” to provide authentication credentials to a server is to use NSURLConnection delegate method 

    didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge

    where you can provide credentials similar to this

    - (void)connection:(NSURLConnection *)connection didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge {

    if ([challenge previousFailureCount] == 0) {

        NSURLCredential *newCredential;
        newCredential = [NSURLCredential credentialWithUser:userName password:password persistence:NSURLCredentialPersistenceNone];
        [[challenge sender] useCredential:newCredential forAuthenticationChallenge:challenge];
    } else {
        [[challenge sender] cancelAuthenticationChallenge:challenge];
    }
}

    What will happen is that you first call server with your GET/POST request and if the server requires authentication, and credentials were not provided inside HTTTP header, it will (hopefully) respond with 401 response. The above method will trigger and provide supplied credentials.

    But if you know that your server will always require authentication, it is not efficient to make this extra round of client/server communication and you will be better off to provide your credentials straight away inside the HTTP header.

    The method of providing credentials inside HTTP header is simple apart from the fact that iOS doesn’t come with a method to encode to BASE64.

    NSMutableURLRequest *aRequest = [NSMutableURLRequest requestWithURL:url cachePolicy:NSURLRequestReloadIgnoringLocalAndRemoteCacheData timeoutInterval:30];

// first create a plaintext string in the format username:password  
NSMutableString *loginString = (NSMutableString *)[@"" stringByAppendingFormat:@"%@:%@", userName, password];  

// encode loginString to Base64
// the Base64 class is not provided and you will have to write it!
NSString *encodedLoginData = [Base64 encode:[loginString dataUsingEncoding:NSUTF8StringEncoding]];  

// prepare the header value   
NSString *authHeader = [@"Basic " stringByAppendingFormat:@"%@", encodedLoginData];  

// add the authentication credential into the HTTP header
[request addValue:authHeader forHTTPHeaderField:@"Authorization"];  

// provide additional HTTP header properties (optional)     
[aRequest setValue:@"application/json" forHTTPHeaderField:@"Accept"];
[aRequest setValue:@"application/json" forHTTPHeaderField:@"Content-Type"];
[aRequest setHTTPMethod:@"GET"];

// and finally create your connection for above request
NSURLConnection *aConnection = [[NSURLConnection alloc] initWithRequest:aRequest delegate:self];

// don't forget to release the request and nsurlconnection when appropriate...
    • 0