Search code examples
iphoneiosobjective-cnsurlconnection

Login credential issue using NSURL Methods

I have an webservices url which appends with password. When I run the application by giving correct password, the application is running and at the same time when I run the app with wrong credentials. the app is running, I didn't have an idea to get rid out of the issue. My code is here:

     NSString *post =[[NSString alloc] initWithFormat:@"password=%@",[password text]];
        NSLog(@"PostData: %@",post);
        NSURL *url=[NSURL URLWithString:[NSString stringWithFormat:@"http://myexample.com/Accountservice/Secure/ValidateAccess?password=abcd&type=1"]];

        NSData *postData = [post dataUsingEncoding:NSASCIIStringEncoding allowLossyConversion:YES];
        NSString *postLength = [NSString stringWithFormat:@"%d", [postData length]];
        NSMutableURLRequest *request = [[NSMutableURLRequest alloc] init];
        [request setURL:url];
        [request setHTTPMethod:@"POST"];
        [request setValue:postLength forHTTPHeaderField:@"Content-Length"];
        [request setValue:@"application/json" forHTTPHeaderField:@"Accept"];
        [request setValue:@"application/x-www-form-urlencoded" forHTTPHeaderField:@"Content-Type"];
        [request setHTTPBody:postData];

        NSURLRequest *request1 = [[NSURLRequest alloc] initWithURL:[NSURL URLWithString:post] cachePolicy:NSURLRequestReloadIgnoringLocalCacheData timeoutInterval:10];

        NSURLConnection *connection = [[NSURLConnection alloc] initWithRequest:request1 delegate:self startImmediately:YES];
        if(!connection){
            NSLog(@"connection failed");
        }
        else{
            NSLog(@"connection succeeded");
        }

If I gave 'abcd' as password connection is successfully is displaying. If I gave wrong password connection successfully is displaying. How can I solve the issue? If I gave wrong password need to display an alert.

Solution

  • The issue may be with the url you are using

    1. Fire the url in the browser and see what it returnes
    2. try add the url params with single quotes accesscode='abcd'

    It is not a good practice to pass the credentials via this way. You could use POST method with some valid encryption to prevent the security issues that can occur

    SOLUTION Try this

      NSString *urlString=@"http://myexample.com/Accountservice/Secure/ValidateAccess?";
    self.responseData = [NSMutableData data];
    NSString *post =[NSString stringWithFormat:@"username=%@&password=%@",userNameTextField.text,passwordTextField.text];
    NSData *postData=[post dataUsingEncoding:NSUTF8StringEncoding];
    NSString *postLength = [NSString stringWithFormat:@"%d", [postData length]];
    NSMutableURLRequest *request = [[[NSMutableURLRequest alloc] init] autorelease];
    [request setURL:[NSURL URLWithString:urlString]];
    [request setHTTPMethod:@"POST"];
    [request setValue:postLength forHTTPHeaderField:@"Content-Length"];
    [request setValue:@"application/x-www-form-urlencoded" forHTTPHeaderField:@"Content-Type"];
    [request setHTTPBody:postData];
    NSURLConnection *connection0= [[NSURLConnection alloc] initWithRequest:request delegate:self];
    [connection0 start];