需要使用自签名证书和 http 身份验证查看网站 [英] Need to view website with a self-signed certificate and http authentication
问题描述
我无法查看具有自签名证书且还需要 HTTP 身份验证的网站.目前我正在尝试使用 How to display the Authentication Challenge inUIWebView? 和 UIWebView查看自签名网站(没有私有 api,不是 NSURLConnection) - 有可能吗? 作为如何实现这一点的指南.我也在尝试使用绕过自签名证书的私有 api 方法,但我无法找到它的链接.但是私有的api头是:
I am having trouble viewing a website that has a self-signed certificate and also requires HTTP authentication. Currently I am trying to implement it by using How to display the Authentication Challenge in UIWebView? and UIWebView to view self signed websites (No private api, not NSURLConnection) - is it possible? as guides on how to accomplish this. I'm also trying to use the private api method of bypassing self-signed certificates but I'm having trouble finding the link to it. But the private api header is:
@interface NSURLRequest (DummyInterface)
+ (BOOL)allowsAnyHTTPSCertificateForHost:(NSString*)host;
+ (void)setAllowsAnyHTTPSCertificate:(BOOL)allow forHost:(NSString*)host;
@end
然后我把这些作为重要的功能:
Then I have these as the important functions:
- (BOOL)webView:(UIWebView *)webView shouldStartLoadWithRequest:(NSURLRequest *)request navigationType:(UIWebViewNavigationType)navigationType;
{
NSLog(@"Did start loading: %@ auth:%d", [[request URL] absoluteString], _authenticated);
[NSURLRequest setAllowsAnyHTTPSCertificate:YES forHost:[URL host]];
_request=[NSURLRequest requestWithURL:URL];
if (!_authenticated) {
_authenticated = NO;
[NSURLRequest setAllowsAnyHTTPSCertificate:YES forHost:[URL host]];
_urlConnection = [[NSURLConnection alloc] initWithRequest:_request delegate:self];
[_urlConnection start];
[mainWebView loadRequest:_request];
return NO;
}
return YES;
}
基本上是调用一个 nsurl 连接来传入登录凭据.
Basically calls a nsurl connection to pass in log in credentials.
#pragma mark - NURLConnection delegate
- (void)connection:(NSURLConnection *)connection didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge;
{
NSLog(@"WebController Got auth challange via NSURLConnection");
[NSURLRequest setAllowsAnyHTTPSCertificate:YES forHost:[URL host]];
if ([challenge previousFailureCount] == 0)
{
_authenticated = YES;
NSURLCredential *credential = [NSURLCredential credentialWithUser:@"username"
password:@"password"
persistence:NSURLCredentialPersistenceForSession];
[challenge.sender useCredential:credential forAuthenticationChallenge:challenge];
NSLog(@"credential created");
} else
{
NSLog(@"previous authentication failure");
[[challenge sender] cancelAuthenticationChallenge:challenge];
}
}
和
- (void)connection:(NSURLConnection *)connection didReceiveResponse:(NSURLResponse *)response;
{
NSLog(@"WebController received response via NSURLConnection");
NSHTTPURLResponse *httpResponse = (NSHTTPURLResponse *)response;
NSLog(@"remote url returned error %d %@",[httpResponse statusCode],[NSHTTPURLResponse localizedStringForStatusCode:[httpResponse statusCode]]);
NSLog(@"The response is =%@",response);
_authenticated = YES;
[NSURLRequest setAllowsAnyHTTPSCertificate:YES forHost:[URL host]];
NSURLRequest *urlRequest = [NSURLRequest requestWithURL:URL];
[mainWebView loadRequest:urlRequest];
[_urlConnection cancel];
}
推荐答案
使用 AFNetworking
我通过子类化 AFHTTPRequestOperation
并将此代码添加到 init
This is easy to implement using AFNetworking
I did it by subclassing AFHTTPRequestOperation
and adding this code to the init
// SSL Support
[self setAuthenticationChallengeBlock:^(NSURLConnection *connection, NSURLAuthenticationChallenge *challenge) {
if ([challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust]) {
[challenge.sender useCredential:[NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust] forAuthenticationChallenge:challenge];
}
}];
[self setAuthenticationAgainstProtectionSpaceBlock:^BOOL(NSURLConnection *connection, NSURLProtectionSpace *protectionSpace) {
if([[protectionSpace authenticationMethod] isEqualToString:NSURLAuthenticationMethodServerTrust]) {
if(shouldAllowSelfSignedCert) {
return YES; // Self-signed cert will be accepted
} else {
return NO; // Self-signed cert will be rejected
}
// Note: it doesn't seem to matter what you return for a proper SSL cert
// only self-signed certs
}
// If no other authentication is required, return NO for everything else
// Otherwise maybe YES for NSURLAuthenticationMethodDefault and etc.
return NO;
}];
您还可以将授权标头添加到子类中,这使得在应用的各个部分中使用连接变得非常简单.
You can also add your authorization headers to the subclass, which makes using the connection in various parts of your app very simple.
这篇关于需要使用自签名证书和 http 身份验证查看网站的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!