如何在 Android 上使用 Xamarin 启用 NTLM 和 TLS 1.2? [英] How can I enable NTLM and TLS 1.2 with Xamarin on Android?
问题描述
我正在 Android 上的 Xamarin 中使用客户端应用程序,我需要 TLS 1.2 和 NTLM.
I am working with a client app in Xamarin on Android and I need TLS 1.2 and NTLM.
到目前为止,我一直在使用常规的 System.Net.HttpClientHandler 并且它运行良好 - 看起来像这样:
So far, I have been using the regular System.Net.HttpClientHandler and it has worked fine - it looks like this:
new System.Net.Http.HttpClientHandler()
{
Credentials = credentials
};
但现在我有一个新客户,我需要 TLS 1.2.所以我为Android做了这个代码:
But now I have a new customer and I need TLS 1.2. So I made this code for Android:
new Xamarin.Android.Net.AndroidClientHandler()
{
Credentials = credentials
};
与环境变量:
XA_HTTP_CLIENT_HANDLER_TYPE=Xamarin.Android.Net.AndroidClientHandler
现在,这个 AndroidClientHandler 就证书而言是有效的.但我也需要 NTLM 才能工作.在我看来,AndroidClientHandler 似乎只支持 Basic 和 Digest 身份验证方案(请参阅 Xamarin.Android.Net.AuthenticationScheme).
Now, this AndroidClientHandler works as far as the certificate goes. But I also need NTLM to work. To me it seems like the AndroidClientHandler only has support for Basic and Digest authentication schemes (see Xamarin.Android.Net.AuthenticationScheme).
我也尝试过使用 ModernHttpClient,但在我看来它使用 Mono 的方式与 System.Net.Http.HttpClientHandler 使用的方式相同,因此 TLS 1.2 也无法在那里工作.
I also tried with the ModernHttpClient, but it seems to me that it uses Mono the same way System.Net.Http.HttpClientHandler does, so TLS 1.2 doesn't work there either.
在我看来,这应该是一个很常见的案例,但我仍然无法在网上找到相关示例.我希望我只是遗漏了一些明显的东西.你们是怎么解决的?
It seems to me that this should be a pretty common case, but I still can't find a relevant example on the web. I hope I am just missing something obvious. How have you guys solved this?
推荐答案
我相信通读一遍会对您有所帮助:
I believe it would be beneficial for you to read through:
/// <para>
/// The class supports pre-authentication of requests albeit in a slightly "manual" way. Namely, whenever a request to a server requiring authentication
/// is made and no authentication credentials are provided in the <see cref="PreAuthenticationData"/> property (which is usually the case on the first
/// request), the <see cref="RequestNeedsAuthorization"/> property will return <c>true</c> and the <see cref="RequestedAuthentication"/> property will
/// contain all the authentication information gathered from the server. The application must then fill in the blanks (i.e. the credentials) and re-send
/// the request configured to perform pre-authentication. The reason for this manual process is that the underlying Java HTTP client API supports only a
/// single, VM-wide, authentication handler which cannot be configured to handle credentials for several requests. AndroidClientHandler, therefore, implements
/// the authentication in managed .NET code. Message handler supports both Basic and Digest authentication. If an authentication scheme that's not supported
/// by AndroidClientHandler is requested by the server, the application can provide its own authentication module (<see cref="AuthenticationData"/>,
/// <see cref="PreAuthenticationData"/>) to handle the protocol authorization.</para>
/// <para>AndroidClientHandler also supports requests to servers with "invalid" (e.g. self-signed) SSL certificates. Since this process is a bit convoluted using
/// the Java APIs, AndroidClientHandler defines two ways to handle the situation. First, easier, is to store the necessary certificates (either CA or server certificates)
/// in the <see cref="TrustedCerts"/> collection or, after deriving a custom class from AndroidClientHandler, by overriding one or more methods provided for this purpose
/// (<see cref="ConfigureTrustManagerFactory"/>, <see cref="ConfigureKeyManagerFactory"/> and <see cref="ConfigureKeyStore"/>). The former method should be sufficient
/// for most use cases, the latter allows the application to provide fully customized key store, trust manager and key manager, if needed. Note that the instance of
/// AndroidClientHandler configured to accept an "invalid" certificate from the particular server will most likely fail to validate certificates from other servers (even
/// if they use a certificate with a fully validated trust chain) unless you store the CA certificates from your Android system in <see cref="TrustedCerts"/> along with
/// the self-signed certificate(s).</para>
基本上是这样说的:它支持Basic 和Digest 认证.如果服务器请求的 AndroidClientHandler 中存在不支持的身份验证方案,则应用程序可以提供自己的身份验证模块来处理协议授权.
Basically this says: It supports Basic and Digest authentication. If there's an authentication scheme that's not supported in AndroidClientHandler that is requested by the server, the application can provide it's own authentication module to handle the protocol authorization.
然后我们可以看到 RequestedAuthentication 属性将列出服务器支持的每个方案.:
We then can see that the RequestedAuthentication property will list out the about each scheme supported by the server.:
/// <summary>
/// If the website requires authentication, this property will contain data about each scheme supported
/// by the server after the response. Note that unauthorized request will return a valid response - you
/// need to check the status code and and (re)configure AndroidClientHandler instance accordingly by providing
/// both the credentials and the authentication scheme by setting the <see cref="PreAuthenticationData"/>
/// property. If AndroidClientHandler is not able to detect the kind of authentication scheme it will store an
/// instance of <see cref="AuthenticationData"/> with its <see cref="AuthenticationData.Scheme"/> property
/// set to <c>AuthenticationScheme.Unsupported</c> and the application will be responsible for providing an
/// instance of <see cref="IAndroidAuthenticationModule"/> which handles this kind of authorization scheme
/// (<see cref="AuthenticationData.AuthModule"/>
/// </summary>
这告诉我们,如果它返回 Unsupported 作为我们的 AuthenticationScheme,那么我们需要提交我们自己的 IAndroidAuthenticationModule 来处理挑战.
This tells us that if it returns Unsupported as our AuthenticationScheme, then we need to submit our own IAndroidAuthenticationModule that handles the challenge.
这是 AuthenticationScheme 的枚举:
namespace Xamarin.Android.Net
{
/// <summary>
/// Authentication schemes supported by <see cref="AndroidClientHandler"/>
/// </summary>
public enum AuthenticationScheme
{
/// <summary>
/// Default value used in <see cref="AuthenticationData.Scheme"/>
/// </summary>
None,
/// <summary>
/// <see cref="AndroidClientHandler"/> doesn't support this scheme, the application must provide its own value. See <see cref="AuthenticationData.Scheme"/>
/// </summary>
Unsupported,
/// <summary>
/// The HTTP Basic authentication scheme
/// </summary>
Basic,
/// <summary>
/// The HTTP Digest authentication scheme
/// </summary>
Digest
}
}
因此,我们必须通过在您的实现上扩展此接口来实现自定义 IAndroidAuthenticationModule:
Thus we would have to implement a custom IAndroidAuthenticationModule by extending this interface on your implementation:
然后您将该实现传递到 AuthenticationData.AuthModule 属性:
Then you'd pass that implementation into the AuthenticationData.AuthModule property:
然后您会将其传递给主客户端的 PreAuthenticationData 属性.
You would then pass that into the main client's PreAuthenticationData property.
我希望这会有所帮助!
这篇关于如何在 Android 上使用 Xamarin 启用 NTLM 和 TLS 1.2?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
