我无法获取网址请求同时执行ssl网址和基本身份验证。我确实检查了其他相关问题但似乎没有工作
- (BOOL)connection:(NSURLConnection *)connection canAuthenticateAgainstProtectionSpace:(NSURLProtectionSpace *)protectionSpace {
// NSLog(@"We are checking protection Space!");
if([protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust])
{
NSLog(@"Can Auth Secure Requestes!");
return YES;
}
else if([protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodHTTPBasic])
{
NSLog(@"Can Auth Basic Requestes!");
return YES;
//return NO;
}
NSLog(@"Cannot Auth!");
return NO;
}
- (void)connection:(NSURLConnection *)connection didReceiveAuthenticationChallenge: (NSURLAuthenticationChallenge *)challenge {
if ([challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust])
{
NSLog(@"Trust Challenge Requested!");
[challenge.sender useCredential:[NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust] forAuthenticationChallenge:challenge];
[challenge.sender continueWithoutCredentialForAuthenticationChallenge:challenge];
}
else if([challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodHTTPBasic])
{
NSLog(@"HTTP Auth Challenge Requested!");
NSURLCredential *credential = [[NSURLCredential alloc] initWithUser:@"user" password:@"pass" persistence:NSURLCredentialPersistenceForSession];
[[challenge sender] useCredential:credential forAuthenticationChallenge:challenge];
[credential release];
}
似乎无法弄清楚我在这里做错了什么。连接描述说安全连接失败。我尝试过简单的ssl,没有基本的工作正常。我也试过没有ssl和basic,它运行正常。
答案 0 :(得分:3)
- (BOOL)connection:(NSURLConnection *)connection canAuthenticateAgainstProtectionSpace:(NSURLProtectionSpace *)protectionSpace {
if([protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust])
{
return YES;
}
else
{
if([protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodHTTPBasic])
{
return YES;
}
}
return NO;
}
- (void)connection:(NSURLConnection *)connection didReceiveAuthenticationChallenge: (NSURLAuthenticationChallenge *)challenge {
if ([challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust])
{
[challenge.sender useCredential:[NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust] forAuthenticationChallenge:challenge];
[challenge.sender continueWithoutCredentialForAuthenticationChallenge:challenge];
}
else
{
if([challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodHTTPBasic])
{
NSURLCredential *creden = [[NSURLCredential alloc] initWithUser:@"USERNAME" password:@"PASSWORD" persistence:NSURLCredentialPersistenceForSession];
[[challenge sender] useCredential:creden forAuthenticationChallenge:challenge];
[creden release];
}
else
{
[[challenge sender]cancelAuthenticationChallenge:challenge];
}
}
}
答案 1 :(得分:1)
它实际上工作正常,问题与SSL证书有关。
答案 2 :(得分:0)
我认为接受的答案最终可能会错误地信任无效的服务器证书,因为它不会验证服务器信任。
Apple's documentation for NSURLCredential credentialForTrust:表示您在使用服务器之前应该实际验证服务器信任:
在创建服务器信任凭证之前,NSURLConnection对象或NSURLDownload对象的委托负责评估信任。通过调用SecTrustEvaluate,传递从服务器的NSURLProtectionSpace对象的serverTrust方法获得的信任来执行此操作。如果信任无效,则应使用cancelAuthenticationChallenge取消身份验证质询:。
Apple's documentation for NSURLAuthenticationChallenge还表示应如何考虑挑战proposedCredential
。
考虑到这一点会产生(ARC)代码,如下所示:
- (void)connection:(NSURLConnection *)connection didReceiveAuthenticationChallenge: (NSURLAuthenticationChallenge *)challenge
{
if (challenge.proposedCredential)
{
if (challenge.previousFailureCount == 0)
{
[challenge.sender useCredential:challenge.proposedCredential forAuthenticationChallenge:challenge];
}
else
{
// The server has rejected the proposed credential, and
// you should use that credential to populate a password
// or certificate chooser dialog, then provide a new credential.
// You can create password-based credentials by calling the
// credentialWithUser:password:persistence: method or create
// certificate-based credentials with the
NSLog(@"Need to add code here to create new credential...");
}
}
else if ([challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust])
{
NSLog(@"Trust Challenge Requested!");
// As per NSURLCredential class reference, verify the server trust...
SecTrustResultType trustResult = kSecTrustResultInvalid;
const OSStatus status = SecTrustEvaluate(challenge.protectionSpace.serverTrust, &trustResult);
if (noErr == status &&
(
kSecTrustResultProceed == trustResult ||
// https://developer.apple.com/library/mac/qa/qa1360/_index.html
kSecTrustResultUnspecified == trustResult
)
)
{
[challenge.sender useCredential:[NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust] forAuthenticationChallenge:challenge];
[challenge.sender continueWithoutCredentialForAuthenticationChallenge:challenge];
}
else
{
NSLog(@"Failed to verify server trust, cancelling...");
[challenge.sender cancelAuthenticationChallenge:challenge];
}
}
else if([challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodHTTPBasic])
{
NSLog(@"HTTP Auth Challenge Requested!");
NSURLCredential *credential = [[NSURLCredential alloc] initWithUser:@"user" password:@"pass" persistence:NSURLCredentialPersistenceForSession];
[[challenge sender] useCredential:credential forAuthenticationChallenge:challenge];
}
}