Swift implementation of HTTP network Operations Library Alamofire 4 (User authority authentication)

Viii. using Alamofire for user authentication

1,alamofire supports the following certifications (authentication)

This article explains the use of Alamofire for HTTP Basic authentication.

Introduction to 2,HTTP Basic certification

(1) HTTP Basic authentication is a way to allow HTTP servers to make user IDs for Web browsers.
(2) When a client to the HTTP server data request, the client will receive the HTTP server authentication requirements, then the client will prompt the user to enter the username and password, and then the user name and password to BASE64 encryption. And each time the data is requested, the redaction is appended to the request header.
(3) After each receipt of the request package, the HTTP server according to the protocol to obtain the client additional user information (BASE64 encrypted username and password), unlock the request package, the user name and password to authenticate, if the user name and password is correct, according to the client request, return the data required by the client. Otherwise, return the error code or request the client to provide the username and password.

3,http Basic Authentication Usage Scenarios
HTTP Basic authentication only provides simple user authentication, and the advantage is that it is simple and suitable for systems or devices with low security requirements.
For example, the router's configuration page often uses HTTP Basic authentication. (Browser input router IP address, such as 192.168.1.1, this will be a pop-up user password input box to verify permissions.) ）

Disadvantages of 4,http Basic authentication
(1) There is no flexible and reliable authentication policy, such as domain or realm authentication function can not be provided.
(2) The encryption strength of BASE64 is very low. Of course, the HTTP Basic authentication system can also be combined with SSL or Kerberos to achieve a higher security performance (relative) authentication system.

5, service-side code
To test Alamofire's authentication capabilities, we first create a certified page for testing on the server side. Here, for example, PHP:

<?php
HTTP Basic Authentication
function Authenticate ()
{
Header (' Www-authenticate:basic realm= "");
Header (' http/1.0 401 Unauthorized ');
echo "Please enter the correct username and password";
Exit
}

if (!isset ($_server[' Php_auth_user ')) | |
Addslashes ($_server[' Php_auth_user '])!= ' Hangge ' | |
Addslashes ($_server[' PHP_AUTH_PW '])!= ' 123 ')
{
Authentication failed
Authenticate ();
}
Else
{
Certified Successful
echo "Welcome: {$_server[' php_auth_user ']}<br/>";
echo "Current time:". Date (' h:i:s ');

Authenticate (); Start again
}
?>

When you use the browser to access this authenticate.php page, a dialog box pops up asking for a username and password:

If you enter the correct user name (Hangge) and password (123), the normal data is returned, otherwise the error message is returned and you need to continue typing:

　

6, client code

Use Alamofire for authentication:

Let user = "Hangge"
Let password = "123"

Alamofire.request (. Get, "http://www.hangge.com/authenticate.php")
. Authenticate (User:user, Password:password)
. responsestring {Response in
DebugPrint (response)
Print (Response.result.value)
}
The message printed from the console shows that the authentication passed and the data was successfully obtained:
Original source: www.hangge.com reprint please keep the original link: http://www.hangge.com/blog/cache/detail_973.html