Digest authentication is an alternative to Basic authentication and was introduced in HTTP/1.1.
The server challenges the client with a nonce; the client derives a response value from the user name, password, nonce, HTTP method, request URI and related fields, and authenticates with that value.
※ The password itself is never transmitted in clear text.
Summary of the authentication steps:
1. Clients access a resource that is protected by HTTP Digest authentication.
2. The server returns 401 status and nonce information, requiring the client to authenticate.
HTTP/1.1 401 Unauthorized
WWW-Authenticate: Digest
    realm="testrealm@host.com",
    qop="auth,auth-int",
    nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093",
    opaque="5ccc069c403ebaf9f0171e9517f40e41"
3. The client sends back a digest value (computed with MD5 by default) derived from the user name, password, nonce value, HTTP method and requested URI.
Five pieces of information are required for authentication:
• realm: taken from the server's challenge
• nonce: taken from the server's challenge
• username: the user name
• digest-uri: the URI of the request
• response: the MD5 digest derived from the four values above plus the password
Authorization: Digest
    username="Mufasa",                             ← known to the client
    realm="testrealm@host.com",                    ← from the server's challenge
    nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093",    ← from the server's challenge
    uri="/dir/index.html",                         ← known to the client
    qop=auth,                                      ← from the server's challenge
    nc=00000001,                                   ← computed by the client
    cnonce="0a4f113b",                             ← client nonce, generated by the client
    response="6629fae49393a05397450978507c4ef1",   ← final digest value (HA3)
    opaque="5ccc069c403ebaf9f0171e9517f40e41"      ← from the server's challenge
4. If authentication succeeds, the requested resource is returned; if it fails, the server again returns a 401 status and requires authentication.
Special notes:
1. Because the password is not transmitted in clear text over the network, the security of HTTP authentication is somewhat improved compared with Basic.
2. When a user first sets a password for a realm, the server stores a hash value (HA1) derived from the user name, realm and password, rather than the password itself.
3. If qop=auth-int, the request entity body is included in the HA2 calculation in addition to the HTTP method and URI path, so that PUT and POST requests cannot be tampered with.
4. However, because the nonce serves only the digest authentication itself, Digest cannot guarantee the security of the data exchanged after authentication.
※ nonce: a random string; the server returns a different nonce with every 401 response.
※ cnonce: a random string; the client generates a different cnonce for every request.
※ MD5 (Message Digest Algorithm 5)
① MD5(username:realm:password) ⇒ HA1
② MD5(HTTP method:URI) ⇒ HA2
③ MD5(HA1:nonce:nc:cnonce:qop:HA2) ⇒ HA3 (the response value)
The text above is excerpted from: http://blog.csdn.net/hotnet522/article/details/5824716
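The following is an added example, not part of the excerpt above or of the Objective-C code below. It walks both sides of the exchange: a client that parses the WWW-Authenticate challenge and builds the Authorization header (steps 2 and 3, and the HA1/HA2/HA3 formulas), and a server that keeps only HA1 per user (note 2), supports qop=auth-int (note 3) and rejects replayed nonce counts. The challenge parameters are the ones shown on the page; the password "Circle Of Life" is an assumption taken from the RFC 2617 worked example that those values come from, and the helper names are this example's own.

```python
import hashlib
import hmac
import re

# Constructed sample challenge, using the parameter values shown on the page.
CHALLENGE = ('Digest realm="testrealm@host.com", qop="auth,auth-int", '
             'nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", '
             'opaque="5ccc069c403ebaf9f0171e9517f40e41"')

# Assumed credentials: "Circle Of Life" is the password RFC 2617 pairs with user
# Mufasa in its example; it is not stated on the page.
USERNAME, PASSWORD, REALM = "Mufasa", "Circle Of Life", "testrealm@host.com"

# Matches key="quoted value" or key=token inside a Digest header.
_PARAM_RE = re.compile(r'(\w[\w-]*)=(?:"([^"]*)"|([^\s,]+))')


def parse_digest_params(header):
    """Split 'Digest k="v", k2=v2, ...' into a dict (works for both header directions)."""
    scheme, _, params = header.strip().partition(" ")
    if scheme.lower() != "digest":
        raise ValueError("not a Digest header")
    return {m.group(1).lower(): m.group(2) if m.group(2) is not None else m.group(3)
            for m in _PARAM_RE.finditer(params)}


def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def ha1(username, realm, password):
    """HA1 = MD5(username:realm:password); this is all the server needs to store (note 2)."""
    return md5_hex(f"{username}:{realm}:{password}")


def ha2(method, uri, qop="auth", body=b""):
    """HA2 = MD5(method:uri); with qop=auth-int the hash of the entity body is appended (note 3)."""
    if qop == "auth-int":
        return md5_hex(f"{method}:{uri}:{hashlib.md5(body).hexdigest()}")
    return md5_hex(f"{method}:{uri}")


def digest_response(h1, nonce, nc, cnonce, qop, h2):
    """response = MD5(HA1:nonce:nc:cnonce:qop:HA2), the value the page labels HA3."""
    return md5_hex(f"{h1}:{nonce}:{nc}:{cnonce}:{qop}:{h2}")


def build_authorization(challenge, username, password, method, uri, cnonce,
                        nc=1, qop="auth", body=b""):
    """Client side: turn a WWW-Authenticate challenge into an Authorization header value."""
    ch = parse_digest_params(challenge)
    if qop not in ch.get("qop", "auth").split(","):
        raise ValueError(f"server does not offer qop={qop}")
    nc_hex = f"{nc:08x}"
    resp = digest_response(ha1(username, ch["realm"], password), ch["nonce"],
                           nc_hex, cnonce, qop, ha2(method, uri, qop, body))
    fields = [f'username="{username}"', f'realm="{ch["realm"]}"', f'nonce="{ch["nonce"]}"',
              f'uri="{uri}"', f"qop={qop}", f"nc={nc_hex}", f'cnonce="{cnonce}"',
              f'response="{resp}"']
    if "opaque" in ch:
        fields.append(f'opaque="{ch["opaque"]}"')
    return "Digest " + ", ".join(fields)


class DigestVerifier:
    """Server side: stores HA1 per user (never the password) and tracks nonce/nc to refuse replays."""

    def __init__(self, realm, user_ha1):
        self.realm = realm
        self.user_ha1 = user_ha1      # {username: HA1}
        self.live_nonces = {}         # {nonce: highest nc accepted so far}

    def issue_nonce(self, nonce):
        self.live_nonces[nonce] = 0   # only nonces the server issued are accepted

    def verify(self, auth_header, method, body=b""):
        p = parse_digest_params(auth_header)
        h1 = self.user_ha1.get(p.get("username"))
        if h1 is None or p.get("realm") != self.realm:
            return False
        nonce, nc = p.get("nonce"), p.get("nc", "")
        if nonce not in self.live_nonces or int(nc or "0", 16) <= self.live_nonces[nonce]:
            return False              # unknown nonce, or a nonce count already used
        qop = p.get("qop", "auth")
        expected = digest_response(h1, nonce, nc, p.get("cnonce", ""), qop,
                                   ha2(method, p.get("uri", ""), qop, body))
        if not hmac.compare_digest(expected, p.get("response", "")):
            return False
        self.live_nonces[nonce] = int(nc, 16)
        return True


def demo(password=PASSWORD):
    """Run one challenge/response round trip plus a replay of the same header."""
    auth = build_authorization(CHALLENGE, USERNAME, password, "GET", "/dir/index.html",
                               cnonce="0a4f113b")
    server = DigestVerifier(REALM, {USERNAME: ha1(USERNAME, REALM, PASSWORD)})
    server.issue_nonce("dcd98b7102dd2f0e8b11d0f600bfb0c093")
    first = server.verify(auth, "GET")
    replay = server.verify(auth, "GET")   # same nonce and nc again: must be refused
    return parse_digest_params(auth)["response"], first, replay


if __name__ == "__main__":
    print(demo())   # ('6629fae49393a05397450978507c4ef1', True, False)
```

With the RFC 2617 password the computed response equals the value shown in the Authorization example on the page, which confirms the HA1/HA2/HA3 chain above. The verifier compares digests in constant time and bumps the stored nonce count only after a successful check, so the same Authorization header cannot be replayed; the client-side `build_authorization` also refuses a qop the server did not offer.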
Here's the code:
- (void)initInternetImageData:(NSString *)urlStr name:(NSString *)username password:(NSString *)password {
    NSLog(@"urlStr====%@", urlStr);
    // stringByAddingPercentEscapesUsingEncoding: is deprecated but still available; it escapes the URL string
    NSURL *url1 = [NSURL URLWithString:[urlStr stringByAddingPercentEscapesUsingEncoding:NSUTF8StringEncoding]];
    // Custom request
    NSMutableURLRequest *request1 = [NSMutableURLRequest requestWithURL:url1];
    // Request expiration time
    request1.timeoutInterval = 5;
    // GET request (the method name is part of the HA2 digest, so keep it upper case)
    request1.HTTPMethod = @"GET";
    NSURLSession *session1 = [NSURLSession sharedSession];
    [[session1 dataTaskWithRequest:request1 completionHandler:^(NSData * _Nullable data, NSURLResponse * _Nullable response, NSError * _Nullable error) {
        NSHTTPURLResponse *hResponse1 = (NSHTTPURLResponse *)response;
        NSLog(@"response=======%@", hResponse1);
        if (hResponse1.statusCode == 401) {
            // Rebuild the path part of the URL ("/dir/index.html"), which goes into the digest uri= field
            NSArray *urlArr = [urlStr componentsSeparatedByString:@"/"];
            NSMutableString *urlStr2 = [[NSMutableString alloc] init];
            if ([urlArr isKindOfClass:[NSArray class]]) {
                for (int i = 3; i < urlArr.count; i++) {
                    [urlStr2 appendFormat:@"/%@", urlArr[i]];
                }
            }
            // Compute the Authorization header from the server's challenge
            NSString *autho = [self handle401Code:hResponse1 url2:urlStr2 user:username pass:password];
            NSMutableURLRequest *request2 = [[NSMutableURLRequest alloc] initWithURL:url1];
            request2.timeoutInterval = 5;
            [request2 addValue:autho forHTTPHeaderField:@"Authorization"];
            [request2 setHTTPMethod:@"GET"];
            NSURLSession *session2 = [NSURLSession sharedSession];
            [[session2 dataTaskWithRequest:request2 completionHandler:^(NSData * _Nullable data2, NSURLResponse * _Nullable response2, NSError * _Nullable error2) {
                NSHTTPURLResponse *hResponse2 = (NSHTTPURLResponse *)response2;
                if (data2.length > 100) {
                    NSString *urlResult = hResponse2.URL.absoluteString;
                    NSLog(@"urlResult=======%@", urlResult);
                    // chaxun: is the author's own handler for the fetched data, defined elsewhere
                    [self chaxun:urlResult data:data2];
                }
            }] resume];
        }
    }] resume];
}
- (NSString *)handle401Code:(NSHTTPURLResponse *)response url2:(NSString *)url2 user:(NSString *)username pass:(NSString *)password
{
    NSString *wwwAuthenticate = [[response allHeaderFields] objectForKey:@"WWW-Authenticate"];
    NSString *realm = nil;
    NSString *qop = nil;
    NSString *nonce = nil;