Sending Username and Password to the webservice

[iphone.savvy]

Dear Experts,

I have to send the username & password to the webservice that will check the authentication with the login credentials stored at the SqlServer database.
The webservice return the response in XML.

My question is do i have to establish connection with webservice before sending username and password to the webservice?

How can i package the request with the username and password?

Thx in advance.

[Duncan C]

Quote:

Originally Posted by iphone.savvy

Dear Experts,

I have to send the username & password to the webservice that will check the authentication with the login credentials stored at the SqlServer database.
The webservice return the response in XML.

My question is do i have to establish connection with webservice before sending username and password to the webservice?

How can i package the request with the username and password?

Thx in advance.

You'll need to talk to the designer of the webservice.

It's pretty common to create a formatted HTTP url that invokes a PHP file on the server, with the username and password as parameters. You can use HTTPS for security if need be. The command might look something like this:

Code:

http://host.com/login.php?username=John%20Doe?password=somepassword

Your code would take the username and password from the user and encode them using percent escapes (where characters like spaces, slashes, brackets, question marks, or other characters that you use as delimiters in your URL are converted to %xx format). You would then insert the username and password into the URL and set it to the host using an NSURLConnection object, or using a third party library like ASIHTTPRequest. The webservice would send back a reply, which would come in as if it was a file in response to your request. You would then need to parse the XML response, using one of various XML libraries. There is one built into iOS, NSXMLParser. There's also libxml, which is a library of C functions. There are others as well. You'll need to do some research to figure out which best meets your needs.

[dany_dev]

you can start reading WebService [How-To]

[RickSDK]

Here's a function i wrote that I use to send username and password to a webservice. It uses Post instead of Get which is nice because it won't crap out if someone includes special characters in their password.

Code:

+(NSString *)getResponseFromServerUsingPost:(NSString *)weblink:(NSArray *)fieldList:(NSArray *)valueList
{
	if([fieldList count] != [valueList count]) {
		return @"Invalid value list!";
	}
	int i=0;
	NSMutableString *fieldStr;
	fieldStr = [NSMutableString stringWithCapacity:256];
	for(NSString *name in fieldList)
		[fieldStr appendFormat:@"&%@=%@", name, [valueList objectAtIndex:i++]];
	
	NSString *responseString = nil;
	NSData *postData = [fieldStr dataUsingEncoding:NSASCIIStringEncoding allowLossyConversion:YES];
	NSString *postLength = [NSString stringWithFormat:@"%d",[postData length]];
	NSURL *url = [NSURL URLWithString:weblink];
	NSMutableURLRequest *request = [[NSMutableURLRequest alloc] initWithURL:url
																cachePolicy:NSURLRequestReloadIgnoringCacheData timeoutInterval: 10];
	
	[request setHTTPMethod:@"POST"];
	[request setValue:postLength forHTTPHeaderField:@"Content-Length"];
	[request setValue:@"application/x-www-form-urlencoded" forHTTPHeaderField:@"Current-Type"];
	[request setHTTPBody:postData];
	NSURLConnection *connection = [[NSURLConnection alloc] initWithRequest:request delegate:self];
	
	if(connection) {
		NSLog(@"Web Connection Established");
		NSData *response = [NSURLConnection sendSynchronousRequest:request returningResponse:nil error:nil];
		responseString = [[NSString alloc] initWithData:response encoding:NSUTF8StringEncoding];
	} else {
		[ProjectFunctions showAlertPopup:@"WebService Error" :@"Not able to connect to the server. Try again later."];
	}
	
	
	[connection release];
	[request release];
	return responseString;
}

[iSDK]

Quote:

Originally Posted by Duncan C

You'll need to talk to the designer of the webservice.

It's pretty common to create a formatted HTTP url that invokes a PHP file on the server, with the username and password as parameters. You can use HTTPS for security if need be. The command might look something like this:

Code:

http://host.com/login.php?username=John%20Doe?password=somepassword

Your code would take the username and password from the user and encode them using percent escapes (where characters like spaces, slashes, brackets, question marks, or other characters that you use as delimiters in your URL are converted to %xx format). You would then insert the username and password into the URL and set it to the host using an NSURLConnection object, or using a third party library like ASIHTTPRequest. The webservice would send back a reply, which would come in as if it was a file in response to your request. You would then need to parse the XML response, using one of various XML libraries. There is one built into iOS, NSXMLParser. There's also libxml, which is a library of C functions. There are others as well. You'll need to do some research to figure out which best meets your needs.

*

Code:

http://host.com/login.php?username=John%20Doe&password=somepassword

[iphone.savvy]

Hi,

One more question,
If i have to send multiple requests to the web service then how i can send the requests without username and password. Because once the username and password are valid i want to hold this session till user logs out.
How to achieve this please advise .

[Mogglas]

Quote:

Originally Posted by iphone.savvy

Hi,

One more question,
If i have to send multiple requests to the web service then how i can send the requests without username and password. Because once the username and password are valid i want to hold this session till user logs out.
How to achieve this please advise .

A quick search on google sent me back here to another thread: http://www.iphonedevsdk.com/forum/ip...hp-iphone.html

And just a tip. When sending login credentials, please do the following to make it at least a bit of an effort for anyone to try and hack you. Use Post instead of Get. And only send hashed and salted passwords, never send the original password to the webservice.