7

我正在尝试访问受 NTLM 身份验证保护并需要客户端证书的服务器。我正在使用 NSURLConnection 的委托方法进行身份验证,并使用 UIWebview 检索结果。

当服务器需要客户端证书时,我已经设法开发用于 NTLM 身份验证和身份验证的代码:

- (void) connection:(NSURLConnection *)connection willSendRequestForAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge {    

    authMethod = challenge.protectionSpace.authenticationMethod;

    if ( [challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust] )
    {
        [challenge.sender useCredential:[NSURLCredential credentialForTrust: challenge.protectionSpace.serverTrust] forAuthenticationChallenge: challenge];
        return;
    }

    if ( [challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodClientCertificate] )
    {
        [... code to extract certificate ...]  
        NSURLCredential *credential = [NSURLCredential credentialWithIdentity:myIdentity certificates:(NSArray*)certsArray persistence:NSURLCredentialPersistencePermanent];
        [challenge.sender useCredential:credential forAuthenticationChallenge:challenge];
        return;
    }

    if ([challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodNTLM])
    {
        NSURLCredential *credential;
        credential = [NSURLCredential
                      credentialWithUser:@"user"
                      password:@"password"
                      persistence:NSURLCredentialPersistencePermanent];
        [challenge.sender useCredential:credential forAuthenticationChallenge:challenge];
        return;
    }
    [[challenge sender] performDefaultHandlingForAuthenticationChallenge:challenge];
}

当服务器分别需要 NTLM 身份验证或客户端证书时,一切正常。当一起需要时,证书信息和 NTLM 凭据都在服务器端接收,但 IIS7 返回一个 403 页面,要求提供客户端证书......

您可能需要知道 willSendRequestForAuthenticationChallenge 按此顺序调用四次:

willSendRequestForAuthenticationChallenge: NSURLAuthenticationMethodServerTrust
willSendRequestForAuthenticationChallenge: NSURLAuthenticationMethodClientCertificate
willSendRequestForAuthenticationChallenge: NSURLAuthenticationMethodNTLM
willSendRequestForAuthenticationChallenge: NSURLAuthenticationMethodClientCertificate

如果你有什么想法?

提前致谢,

4

1 回答 1

1

在 iOS 7 中有效,在 iOS 8 中无效。您使用的是 iOS 8 吗?使用 iOS 7 进行测试(例如在模拟器上)以确认它只是 iOS 8 的问题。它与您可能在日志窗口中看到的“流在打开之前发送事件”错误有关。还要等到它在 iOS 中修复,但我仍然在最新的 8.2 beta 3 中看到它。

于 2015-01-06T17:20:55.670 回答