如何为UIWebView实现NTLM身份验证?
[英]How to implement NTLM Authentication for UIWebView?
问题描述
I have a use case where a UIWebView may need to connect with a web server secured with NTLM. 
我有一个用例,其中UIWebView可能需要与使用NTLM保护的Web服务器连接。 I also have a use case where I already have the credentials to be passed. 我还有一个用例,我已经有了要传递的凭据。 So instead of forcing the user to enter them, how do I perform the handshake with the UIWebView ? 因此,如何强制用户输入它们,如何与UIWebView进行握手?
UPDATE: 更新:
Using this method here works well enough when you are doing simple GET requests, but utterly fails when doing POSTs, for the mere fact that it is doing a GET after it is posted. 使用此方法在执行简单的GET请求时效果很好,但在执行POST时完全失败,因为事实上它在发布后正在执行GET。
The ASIHttpRequest and ASIWebPageRequest have the same problem. ASIHttpRequest和ASIWebPageRequest也有同样的问题。 GET requests work wonders, but any POSTs just don't work. GET请求工作奇迹,但任何POST都不起作用。 If only the world worked on just GET requests. 如果只有世界只处理GET请求。
I have been able to use this method of including the username and password in the HTTP request string, but that is so grossly insecure as to defy reason for using it. 我已经能够使用这种方法在HTTP请求字符串中包含用户名和密码,但这是非常不安全的,以至于无法使用它。 Using a sniffer I am able to see the three-way handshake occur without any problems on both GET and POST requests. 使用嗅探器,我能够看到三次握手在GET和POST请求中都没有任何问题。
4 个解决方案
解决方案1
2 2012-01-18 09:51:47
You can set the default credential: 您可以设置默认凭据:
NSURLProtectionSpace *protectionSpace = [[NSURLProtectionSpace alloc]
initWithHost: _host
port: 80
protocol: @"http"
realm: _host
authenticationMethod:NSURLAuthenticationMethodNTLM];
[[NSURLCredentialStorage sharedCredentialStorage] setDefaultCredential:[NSURLCredential credentialWithUser:_username password:_password persistence:NSURLCredentialPersistenceForSession] forProtectionSpace:protectionSpace];
Now you can let your webviews do the request, and when it encounters your protenctionSpace it logs in using the given credentials 现在,您可以让您的Web视图执行请求,当它遇到您的protenctionSpace时,它会使用给定的凭据登录
解决方案2
1 已采纳 2010-10-31 23:00:40
As of iOS 3.2 and 4.1, there is no public delegate for intercepting the NTLM challenge. 从iOS 3.2和4.1开始,没有公共代表拦截NTLM挑战。 There is, however, a private API that can be overriden to give proper support for this. 但是,有一个私有API可以覆盖,以便为此提供适当的支持。 Since this would put your application in danger of being rejected, I will forgo posting the code because it is of no worth for App Store development at the present time. 由于这会使您的应用程序面临被拒绝的危险,我将放弃发布代码,因为它目前对App Store开发没有任何价值。
解决方案3
0 2010-10-03 22:36:00
If you're willing to try some experimental code, you could use ASIWebPageRequest . 如果您愿意尝试一些实验代码,可以使用ASIWebPageRequest 。
It would be a bit hacky, as you'd have to download the page content with ASIWebPageRequest, load it into a UIWebView, then capture any link clicks in the web view and repeat the process again (if the content at the URL requires authentication). 这将有点hacky,因为您必须使用ASIWebPageRequest下载页面内容,将其加载到UIWebView中,然后捕获Web视图中的任何链接点击并再次重复该过程(如果URL中的内容需要身份验证) 。 Also, I think you'd have to manage your own history stack. 此外,我认为你必须管理自己的历史堆栈。
I don't think it would be easy, but it does seem doable, and it seems like it should work as long as the ASIWebPageRequest code isn't too buggy or limited. 我认为这不容易,但看起来确实可行,只要ASIWebPageRequest代码没有太多错误或有限,它似乎应该工作。
解决方案4
-1 2010-09-29 10:34:13
UIWebView doesn't support authentication at all. UIWebView根本不支持身份验证。 Up to iPhone OS 3.1, you could add credentials to the central credential storage and UIWebView would at least work with basic authentication. 在iPhone OS 3.1中,您可以向中央凭证存储添加凭据, UIWebView至少可以使用基本身份验证。 But starting with iOS 4.0, I don't see any way to use authentication (except cookie or URL based forms authentication). 但从iOS 4.0开始,我没有看到任何使用身份验证的方法(基于cookie或基于URL的表单身份验证除外)。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.