I'm switching from NSURLConnection to NSURLSession for my app communications and, while I'm at it, trying to move from delegated authentication to utilising NSURLCredentialStorage. I've moved over the code however I'm getting -URLSession:task:didReceiveChallenge being called on the delegate despite having set defaultCredentials on the sharedCredentialStorage when the app launches.
The protection spaces are identical (the one I created when setting up the credentials and the ones passed by the NSURLAuthenticationChallenge) as per the below logged messages:
Register credentials for: <NSURLProtectionSpace: 0x162227c0>: Host:192.168.1.99, Server:https, Auth-Scheme:NSURLAuthenticationMethodDefault, Realm:192.168.1.99, Port:23650, Proxy:NO, Proxy-Type:(null)
Unexpected authentication challenge: <NSURLProtectionSpace: 0x1680ee40>: Host:192.168.1.99, Server:https, Auth-Scheme:NSURLAuthenticationMethodDefault, Realm:192.168.1.99, Port:23650, Proxy:NO, Proxy-Type:(null)
and during the didReceiveChallenge:(NSURLAuthenticationChallenge*)challenge delegate method:
po [[NSURLCredentialStorage sharedCredentialStorage] defaultCredentialForProtectionSpace:[challenge protectionSpace]]
results in
<NSURLCredential: 0x1680ff00>: thecorrectusername
https://stackoverflow.com/a/501869/563905 indicates that, when the server responds with a 401 challenge, the NSURLConnection (is this a NSURLSession problem?) first checks the headers for Authorization (there aren't any set) and then consults NSURLCredentialStorage for credentials for the protection space.
I just don't understand why I'm getting the didReceiveChallenge delegate being called? When I don't have the delegate method set the NSURLSession simply resends the request without any credentials... I'm stumped...
Edit: I've added manual credential handling to the didReceiveChallenge: method and it's being triggered for every request despite only a single NSURLSession being used.
i was just having the same problem where my URLSession would not use the stored credentials. Then i read the reference docs for NSURLSession. Basically what it says is that if you're implementing a custom delegate then you have to handle all the stuff yourself when the delegate methods get called. In other words saving the credentials is half the battle. You will be receiving the challenge every time the server requires authentication so in the didReceiveChallenge method you now have to manually extract the credentials to use and pass them to the completion handler. Let me know if that makes sense.