NSURLConnection，NSURLRequest，不受信任的证书和用户认证 [英] NSURLConnection, NSURLRequest, untrusted cert and user authentication

问题描述

早上每个人，

我一直在尝试编写一个应用程序，从需要身份验证的远程Web服务执行一些GET。我的主要问题是，这些远程服务器（和有很多）的大多数没有有效的证书。我有接受无效证书的代码和代码，以使用正确的uname&通过（下）。我的问题是让两个人在一起玩。我似乎找不到一个方式发送挑战 NSURLCredential s或正确链接回调的方式。当我尝试链接它们时，我不能让我的 NSURLRequest 调用 didReceiveAuthenticationChallenge 两次。

$ b

验证码...

<$> p $ p> - （void）connection：（NSURLConnection *）connection didReceiveAuthenticationChallenge：（NSURLAuthenticationChallenge *）challenge
{
if（！hasCanceled）{
if challenge beforeFailureCount] == 0）{
NSURLCredential * newCredential;
newCredential = [NSURLCredential credentialWithUser：_username password：_password persistence：NSURLCredentialPersistenceNone];
[[challenge sender] useCredential：newCredential forAuthenticationChallenge：challenge];
}
else {
[[challenge sender] cancelAuthenticationChallenge：challenge];
NSLog（@用户名或密码错误）;
badUsernameAndPassword = YES;
finished = YES;
}
}
}


解决方案>

您只能使用该质询的凭据回复 NSURLAuthenticationChallenge 。您可以使用以下方式确定您收到的挑战类型：

  [[challenge protectionSpace] authenticationMethod] 
  

可能的值为此处记录。对于无效的服务器证书，身份验证方法将为 NSURLAuthenticationMethodServerTrust 。

  if（[challenge previousFailureCount]> 0）{
 //这里处理错误凭证
 [[challenge sender] cancelAuthenticationChallenge：challenge]; 
 return; 
} 
 
 if（[[challenge protectionSpace] authenticationMethod] == NSURLAuthenticationMethodServerTrust）{
 //检查用户以前是否已接受证书，否则提示
} else if（[[challenge protectionSpace] authenticationMethod] == / *这里支持的认证方法* /）{
 [[challenge sender] useCredential：/ *你的用户凭证* / forAuthenticationChallenge：challenge]; 
} 
  

如果您每次都没有获得两个身份验证质询，这不是错误。您可以在创建凭证时缓存凭据。如果您这样做，您将不必再次提示。

Morning Everyone,

I've been attempting to write an application that does some GETs from a remote Web Service that requires authentication. My main problem is that the majority of these remote servers (and there are a lot of them) don't have valid certificates. I've got code to accept the invalid certificate and code to respond to the challenge with the correct uname & pass (below). The problem I'm having is getting the two to play together. I can't seem to find a way to send the challenge both NSURLCredentials or a way to chain the callbacks correctly. When I try to chain them I can't get my NSURLRequest to call didReceiveAuthenticationChallenge twice.

Any thoughts would be appreciated!

Code for Authentication...

-(void)connection:(NSURLConnection *)connection didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge
{   
    if(!hasCanceled){
        if ([challenge previousFailureCount] == 0) {
            NSURLCredential *newCredential;
            newCredential=[NSURLCredential credentialWithUser:_username password:_password persistence:NSURLCredentialPersistenceNone];
            [[challenge sender] useCredential:newCredential forAuthenticationChallenge:challenge];
        } 
        else {
            [[challenge sender] cancelAuthenticationChallenge:challenge];
            NSLog(@"Bad Username Or Password");
            badUsernameAndPassword = YES;
            finished = YES;
        }
    }
}

解决方案

You can only reply to an NSURLAuthenticationChallenge with a credential for that challenge. You can determine what type of challenge you've received using:

[[challenge protectionSpace] authenticationMethod]

The possible values are documented here. In the case of an invalid server certificate, the authentication method will be NSURLAuthenticationMethodServerTrust. In your code, you should check the authentication method and respond appropriately.

if ([challenge previousFailureCount] > 0) {
    // handle bad credentials here
    [[challenge sender] cancelAuthenticationChallenge:challenge];
    return;
}

if ([[challenge protectionSpace] authenticationMethod] == NSURLAuthenticationMethodServerTrust) {
    // check if the user has previously accepted the certificate, otherwise prompt
} else if ([[challenge protectionSpace] authenticationMethod] == /* your supported authentication method here */) {
    [[challenge sender] useCredential:/* your user's credential */ forAuthenticationChallenge:challenge];
}

It's not an error if you don't get both authentication challenges each time. You can cache credentials when you create them. If you do, you won't necessarily be prompted again.

这篇关于NSURLConnection，NSURLRequest，不受信任的证书和用户认证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！