App Secure | URLSession | Authentication Challenge | NTLM | Security | Credentails

Yesterday, I have posted about How to response Authentication Challange but thoughts came in mind that if you are going with the first options Provide authentication credentials is it really secure and safe? how is client sharing the credentials with the server?

After lots of Google, I have found, how’s NTLM works and it’s pretty interesting to see that client don’t share the password with the server. here are the steps as follow.

Screen Shot 2017-10-12 at 1.06.51 PM.png

  1. The client makes the request to the server.
  2. The server needs to validate the user because there is no identity so server generates 16 bytes random number called as the challenge and sends it to the client.
  3. Client hash this challenge with the user’s password and return it back to the server that is called the response it also includes username as plain text and challenge sent to the client.
  4. The server sends everything to the domain controller and it uses the username to retrieve the hash of the user’s password from security account manager database and hash the challenge.
  5. Domain controller shares the response back to the server if they are identical then authentication is successful otherwise a failure.

So the interesting part is here that Network API doesn’t share the password with the server it means it very secure.

Thank you for reading.

Share your thoughts and feeback.

 

 

 

Any VS AnyObject ? Swift

Swift provides two typealiases for working with non specific types. In simple words we can say.

AnyObject

it can represent an instance of any class type.

Any

it can represent an instance of any type at all, including function types.

But here i want to mention that Apple warns to use Any and AnyObject only when you explicity need the behaviour because it always good to be more specific about the types what you are expecting in your code.

class MyClass   {   }

var things = [Any]()
things.append("String")
things.append(9)
things.append(2.0)
things.append(MyClass())

This things arrays contains IntString, Double and Class as well. Complier convert the Objective C id type into AnyObject since they are class type. Now to discover the specific type of constant and variable, we can use is or as pattern in switch statement cases.

for thing in things {
    switch thing {
        case let someInt as Int:
        print("Some Int Value is there \(someInt)")

    case let someString as String:
        print("Some String Value is there \(someString)")

    case let someFloat as Double:
        print("Some Double Value is there \(someFloat)")
      
    case let someClass as MyClass:
        print("MyClass Class is there")

    default:
        print("Unknown")
    }
}

So summary is Any type represents value of any type including optional types but complier will give you the warning if you really want to use than use as optional value as an Any value.

things.append(optionalNumber as Any)