Not using didReceiveAuthenticationChallenge:?

[tciuro]

Hello Sam,

I was just wondering... is there a reason why you're not implementing the challenge callback?:

- (void)connection:(NSURLConnection *)aConnection didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge

That would take care of BASIC and DIGEST-based authentication.

[samvermette]

@tciuro I'm not too familiar with request authentications. How would this be different than settings the Authorization HTTP header field as I currently do?

[tciuro]

The difference is that you're providing Basic-type authentication, which is weaker than its Digest-based counterpart. Digest Authentication communicates credentials in an encrypted form by applying a hash function to the the username, the password, a server supplied nonce value, the HTTP method, and the requested URI, whereas Basic Authentication uses unencrypted base64 encoding. Basic Authentication should generally only be used where transport layer security is provided such as https.

Checkout the example of using the connection:didReceiveAuthenticationChallenge: delegate method:

http://developer.apple.com/library/mac/#documentation/cocoa/conceptual/urlloadingsystem/Articles/AuthenticationChallenges.html