Clearing credentials from ASIHTTPRequest

1
votes

I'm working on an iPhone app that uses ASIHTTPRequest to interact with a web service using NTLM authentication. And the credentials should be stored in the keychain. It logs in fine, but I'd like to have a logout button that clears the credentials from the app, and I can't get that to work.

After I click the logout button, I expect that when I return to the view that queries the server that I'll get prompted to log back in again. However, that doesn't happen and the call to the server still authenticates.

The code that makes the request looks like this:

NSString *urlString = [NSString stringWithFormat:@"http://myserver.mydomain.com/myapp/items/%@", itemGroupId];
NSURL *url = [NSURL URLWithString:urlString];
ASIHTTPRequest *request = [ASIHTTPRequest requestWithURL:url];
[request setUseKeychainPersistence:YES];
[request setShouldPresentAuthenticationDialog:YES];
[request setRequestMethod:@"POST"];
[request addRequestHeader:@"content-type" value:@"application/json;charset=utf-8"];
[request addRequestHeader:@"content-length" value:@"0"];
[request setDelegate:self];
[request startAsynchronous];

For the logout, I've tried calling:

[ASIHTTPRequest removeCredentialsForHost:@"myserver.mydomain.com" port:0 protocol:@"http" realm:nil];

But that doesn't work. The code inside that method doesn't find the NSURLCredential that was saved so that it can remove it, even though those arguments are what I've seen get passed to saveCredentials:forHost:port:protocol:realm: in the first place.

I've also tried calling clearSession, and I've tried disabling session persistence altogether when creating the request using setUseSessionPersistence, but no luck.

I also tried using code based on this example that loops through all of the credentials in the app's keychain and removes them all:

NSURLCredentialStorage *store = [NSURLCredentialStorage sharedCredentialStorage];
for (NSURLProtectionSpace *space in [store allCredentials]) {
    NSDictionary *userCredentialMap = [store credentialsForProtectionSpace:space];
    for (NSString *user in userCredentialMap) {
        NSURLCredential *credential = [userCredentialMap objectForKey:user];
        [store removeCredential:credential forProtectionSpace:space];
    }
}

That sort of works, because the next time the app is launched it'll prompt for a login again. But it doesn't prompt for another login if the app continues to run.

1
iphoneasihttprequest
I am also facing similar problem. Did you find any solution?iPhone Guy
No, I never found a good answer to this.David Anderson

1 Answers

0
votes

Are you sure using port 0 and no realm is correct? Just to make sure I create a NSURL from my connect-url-string (the same url I use for all ASIHTTPRequest), and retrieve the host, port and protocol from that. I only have to mention the realm by hand for now.

Using this code I am able to logout successfully in my app:

// clear keychain
NSURL *url = [NSURL URLWithString:kConnectorUrlString];
[ASIHTTPRequest removeCredentialsForHost:[url host] port:[[url port] intValue] protocol:[url scheme] realm:kConnectorRealm];

My app prompts me again when I let my app continue to run. I am using the same arguments who get passed to saveCredentials too.