4
votes

I'm having some problems with authentication in iOS programming. I have code that works perfectly against IIS6 on Windows 2003, but it does not work on Windows Server 2008 with IIS7. Security options are the same on both servers (no anonymous access and "Integrated Windows authentication").

Here is the code of the "didReceiveAuthenticationChallenge" delegate:

-(void)connection:(NSURLConnection *)connection didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge
{
    //USE STORED CREDENTIALS
    Credentials* cred = [[Credentials alloc] init];
    NSString* userName = cred.userName;
    NSString* pass = cred.pass;

    NSString* authMethod = [[challenge protectionSpace] authenticationMethod];

    //Kerberos (Negotiate) needs "user@realm" as username
    //NTLM Needs domain\\username
    if ([authMethod isEqualToString:NSURLAuthenticationMethodNTLM]) {
        userName = [NSString stringWithFormat:@"%@%@", @"es\\", userName];
    }
    if ([authMethod isEqualToString:NSURLAuthenticationMethodNegotiate]) {
        userName = [NSString stringWithFormat:@"%@%@", userName, @"@subdomain.domain.com"];
    }

    // Debug output only; the password line should not ship in a release build
    NSLog(@"Auth method in use: %@", authMethod);
    NSLog(@"User: %@", userName);
    NSLog(@"Pass: %@", pass);

    if ([challenge previousFailureCount] <= 1) {
        NSLog(@"received authentication challenge");
        NSURLCredential *credential;
        credential = [NSURLCredential
                         credentialWithUser:userName
                         password:pass
                         persistence:NSURLCredentialPersistenceForSession];

        [[challenge sender] useCredential:credential forAuthenticationChallenge:challenge];
    }
    else {
        NSLog(@"Authentication error");
        // statusCode is an NSInteger, so cast to long and use %ld
        NSLog(@"Failed login with status code: %ld", (long)[(NSHTTPURLResponse*)[challenge failureResponse] statusCode]);
        [[challenge sender] cancelAuthenticationChallenge:challenge];
    }
}

1
Does the didReceiveAuthenticationChallenge method get called? - Peter Pajchl
Yes, it's called, I can put some breakpoints there (and the code works from W2003 servers) - malamirada
"Unfortunately" I don't see anything out of the ordinary with your iOS method. Any chance to investigate if the challenge response arrives back to the server and, if it does, what happens there? - Peter Pajchl

1 Answer

2
votes

Finally, I found the bug... The problem is related to the Authentication method on the Windows 2008 IIS7 Servers.

When you use the "Integrated Windows Authentication", the server can use NTLM or Kerberos. My 2008 servers always use Kerberos, even if Kerberos is not configured on these machines.

The solution was to edit the IIS Metabase to force NTLM authentication.
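
Added example (not part of the original question or answer): before changing the server, the scheme in play can be confirmed from captured HTTP headers. This Python code lists the schemes a 401 response offers and tells whether a base64 token is raw NTLM or a GSS-API (SPNEGO/Kerberos) token. The function names and the sample header values are constructed for illustration.

```python
import base64

NTLMSSP_SIG = b"NTLMSSP\x00"
NTLM_TYPES = {1: "NEGOTIATE", 2: "CHALLENGE", 3: "AUTHENTICATE"}

def offered_schemes(www_authenticate_values):
    """Schemes listed in a 401's WWW-Authenticate headers, in server order."""
    return [v.split(None, 1)[0] for v in www_authenticate_values if v.strip()]

def classify_token(header_value):
    """Return (scheme, token kind) for an Authorization/WWW-Authenticate value."""
    parts = header_value.strip().split(None, 1)
    if len(parts) != 2:
        return (parts[0] if parts else "", "no token")
    scheme, b64 = parts
    try:
        raw = base64.b64decode(b64, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return (scheme, "invalid base64")
    # Raw NTLMSSP can travel under either "NTLM" or "Negotiate".
    if raw.startswith(NTLMSSP_SIG) and len(raw) >= 12:
        msg_type = int.from_bytes(raw[8:12], "little")
        return (scheme, "NTLM " + NTLM_TYPES.get(msg_type, "unknown"))
    # 0x60 is the ASN.1 tag that opens a GSS-API initial token.
    if raw[:1] == b"\x60":
        return (scheme, "GSS-API (SPNEGO or Kerberos)")
    # 0xa0 / 0xa1 open a bare SPNEGO negTokenInit / negTokenResp.
    if raw[:1] in (b"\xa0", b"\xa1"):
        return (scheme, "bare SPNEGO token")
    return (scheme, "unrecognised")

# Constructed sample values, not captured from the servers in the question.
SAMPLE_401 = ["Negotiate", "NTLM"]
SAMPLE_NTLM = "Negotiate " + base64.b64encode(
    NTLMSSP_SIG + (1).to_bytes(4, "little") + b"\x07\x82\x08\x00").decode()
SAMPLE_GSS = "Negotiate " + base64.b64encode(
    b"\x60\x0a\x06\x06\x2b\x06\x01\x05\x05\x02\xa0\x00").decode()

if __name__ == "__main__":
    print(offered_schemes(SAMPLE_401))
    print(classify_token(SAMPLE_NTLM))
    print(classify_token(SAMPLE_GSS))
```

A server that lists only `NTLM` in its 401 will trigger the `NSURLAuthenticationMethodNTLM` branch of the delegate above; one that lists `Negotiate` first will trigger the Negotiate branch.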