我正在尝试访问受 NTLM 身份验证保护并需要客户端证书的服务器。我正在使用 NSURLConnection 的委托方法进行身份验证,并使用 UIWebview 检索结果。
当服务器需要客户端证书时,我已经设法开发用于 NTLM 身份验证和身份验证的代码:
- (void) connection:(NSURLConnection *)connection willSendRequestForAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge {
authMethod = challenge.protectionSpace.authenticationMethod;
if ( [challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust] )
{
[challenge.sender useCredential:[NSURLCredential credentialForTrust: challenge.protectionSpace.serverTrust] forAuthenticationChallenge: challenge];
return;
}
if ( [challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodClientCertificate] )
{
[... code to extract certificate ...]
NSURLCredential *credential = [NSURLCredential credentialWithIdentity:myIdentity certificates:(NSArray*)certsArray persistence:NSURLCredentialPersistencePermanent];
[challenge.sender useCredential:credential forAuthenticationChallenge:challenge];
return;
}
if ([challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodNTLM])
{
NSURLCredential *credential;
credential = [NSURLCredential
credentialWithUser:@"user"
password:@"password"
persistence:NSURLCredentialPersistencePermanent];
[challenge.sender useCredential:credential forAuthenticationChallenge:challenge];
return;
}
[[challenge sender] performDefaultHandlingForAuthenticationChallenge:challenge];
}
当服务器分别需要 NTLM 身份验证或客户端证书时,一切正常。当一起需要时,证书信息和 NTLM 凭据都在服务器端接收,但 IIS7 返回一个 403 页面,要求提供客户端证书......
您可能需要知道 willSendRequestForAuthenticationChallenge 按此顺序调用四次:
willSendRequestForAuthenticationChallenge: NSURLAuthenticationMethodServerTrust
willSendRequestForAuthenticationChallenge: NSURLAuthenticationMethodClientCertificate
willSendRequestForAuthenticationChallenge: NSURLAuthenticationMethodNTLM
willSendRequestForAuthenticationChallenge: NSURLAuthenticationMethodClientCertificate
如果你有什么想法?
提前致谢,