简体繁体 English

临时苹果应用程序分发IIS7 Windows身份验证IOS 5？

[英]Ad hoc Apple App distribution IIS7 Windows Authentication IOS 5?

原文 2011-10-19 14:10:05 6 2 authentication/ iis-7/ distribution/ ios5/ adhoc

We have a Add hoc distribution for enterprice apps by a secure website. 我们通过安全网站为Enterprice应用提供了临时分发。 Since version 5 we have a problem with authentication in combination with IIS7. 从版本5开始，我们将身份验证与IIS7结合使用时遇到问题。 The user logs in with a windows username and password and clicks download. 用户使用Windows用户名和密码登录，然后单击下载。 Then a " itms-services://?action=download-manifest&url=domain " action is been started. 然后启动“ itms-services：//？action = download-manifest＆url = domain ”操作。

Before IOS 5: The user goes to url, types the username and password. 在IOS 5之前：用户转到url，输入用户名和密码。 The user press download and again the user need to type the username and password. 用户按下下载，然后再次需要输入用户名和密码。 The application is been installed. 该应用程序已安装。

After installing IOS 5: The user goes to url, types the username and password. 安装IOS 5后：用户进入url，输入用户名和密码。 The user press download and get a domain "...." not found. 用户按下下载并找到未找到域“ ....”。 There is no popup again, with the credentials, like before version of IOS 5.. 再次没有带有凭据的弹出窗口，就像IOS 5之前的版本一样。

This solution was working for a half year, but since IOS5 it doesnt work anymore... 该解决方案已经使用了半年，但是自从IOS5起，它不再起作用了...

IIS Log When going to the website and clicking on the action=download that contains the Plist file the IIS shows 401 errors (not authenticated). IIS日志转到网站并单击包含Plist文件的action = download时，IIS会显示401错误（未经身份验证）。 But when I access the .plist or ipa file directly by url in safari I do get a POPUP to authenticate. 但是，当我通过Safari中的url直接访问.plist或ipa文件时，我确实获得了POPUP进行身份验证。

It look like there is a bug in IOS 5 " itms-services://?action=download-manifest&url=domain " actions does not support to authenticate.... 似乎IOS 5中存在错误“ itms-services：//？action = download-manifest＆url = domain ”操作不支持身份验证。

2 个解决方案

Check your plist file if it points to an existing ipa file. 检查您的plist文件是否指向现有的ipa文件。 If you're using .htaccess to authenticate with a ldap directory you'll need to authenticate once for the plist access and once for the ipa access. 如果您使用.htaccess对ldap目录进行身份验证，则需要对plist访问进行一次身份验证，对ipa访问进行一次身份验证。

This sounds like a variation of the double-hop problem in which the originally supplied credentials are not being appropriately passed to the second step in your download routine (or web service call, etc.). 这听起来像是双跳问题的一种变体，其中原始提供的凭据未正确传递到下载例程（或Web服务调用等）的第二步。 http://blogs.msdn.com/b/knowledgecast/archive/2007/01/31/the-double-hop-problem.aspx http://blogs.msdn.com/b/knowledgecast/archive/2007/01/31/the-double-hop-problem.aspx

The fact that you previously had to enter the user name and password twice would seem to support this suggestion. 您以前必须两次输入用户名和密码的事实似乎支持此建议。 The error that you're receiving that domain '...' does not exist could indicate that the credential being passed to step two is a local machine account that IIS is running under. 您收到的域“ ...”不存在的错误可能表明，传递给第二步的凭据是运行IIS的本地计算机帐户。

If you can get some logging on this process I would want to determine what the authentication/credentials are that get passed at each step. 如果您可以对此过程进行一些记录，那么我想确定在每个步骤中通过的身份验证/凭据。 It's possible that something in IOS 5 changed the way that impersonation is handled but I think that's likely just a symptom of how either IIS is set up or the final request is being passed. IOS 5中的某些内容可能会更改模拟的处理方式，但我认为这可能只是IIS设置或最终请求传递方式的一种征兆。