如何为 UIWebView 实现 NTLM 身份验证?
我有一个用例,UIWebView 可能需要与受 NTLM 保护的 Web 服务器连接。我还有一个用例,我已经拥有要传递的凭据。因此,我如何与 UIWebView 执行握手,而不是强迫用户输入它们?
更新:
使用此方法此处 在执行简单的 GET 请求时工作得很好,但在执行 POST 时完全失败,因为它在发布后执行 GET。
ASIHttpRequest 和 ASIWebPageRequest 也有同样的问题。 GET 请求可以产生奇迹,但任何 POST 都不起作用。如果世界只处理 GET 请求就好了。
我已经能够使用这种方法包括HTTP 请求字符串中的用户名和密码,但这非常不安全,以至于无法使用它。使用嗅探器,我可以看到 GET 和 POST 请求上发生的三向握手没有任何问题。
I have a use case where a UIWebView may need to connect with a web server secured with NTLM. I also have a use case where I already have the credentials to be passed. So instead of forcing the user to enter them, how do I perform the handshake with the UIWebView?
UPDATE:
Using this method here works well enough when you are doing simple GET requests, but utterly fails when doing POSTs, for the mere fact that it is doing a GET after it is posted.
The ASIHttpRequest and ASIWebPageRequest have the same problem. GET requests work wonders, but any POSTs just don't work. If only the world worked on just GET requests.
I have been able to use this method of including the username and password in the HTTP request string, but that is so grossly insecure as to defy reason for using it. Using a sniffer I am able to see the three-way handshake occur without any problems on both GET and POST requests.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(4)
您可以设置默认凭据:
现在您可以让您的网络视图执行请求,当它遇到您的保护空间时,它会使用给定的凭据登录
You can set the default credential:
Now you can let your webviews do the request, and when it encounters your protenctionSpace it logs in using the given credentials
从 iOS 3.2 和 4.1 开始,没有用于拦截 NTLM 质询的公共委托。然而,有一个私有 API 可以被重写来为此提供适当的支持。由于这会使您的应用程序面临被拒绝的危险,因此我将放弃发布代码,因为目前它对于 App Store 开发没有任何价值。
As of iOS 3.2 and 4.1, there is no public delegate for intercepting the NTLM challenge. There is, however, a private API that can be overriden to give proper support for this. Since this would put your application in danger of being rejected, I will forgo posting the code because it is of no worth for App Store development at the present time.
如果您愿意尝试一些实验性代码,可以使用 ASIWebPageRequest。
这有点麻烦,因为您必须使用 ASIWebPageRequest 下载页面内容,将其加载到 UIWebView 中,然后捕获 Web 视图中的任何链接点击并再次重复该过程(如果 URL 上的内容需要身份验证) 。另外,我认为你必须管理自己的历史堆栈。
我认为这并不容易,但它似乎确实可行,而且只要 ASIWebPageRequest 代码没有太多错误或限制,它似乎就应该可以工作。
If you're willing to try some experimental code, you could use ASIWebPageRequest.
It would be a bit hacky, as you'd have to download the page content with ASIWebPageRequest, load it into a UIWebView, then capture any link clicks in the web view and repeat the process again (if the content at the URL requires authentication). Also, I think you'd have to manage your own history stack.
I don't think it would be easy, but it does seem doable, and it seems like it should work as long as the ASIWebPageRequest code isn't too buggy or limited.
UIWebView根本不支持身份验证。在 iPhone OS 3.1 之前,您可以将凭据添加到中央凭据存储中,UIWebView 至少可以使用基本身份验证。但从 iOS 4.0 开始,我没有看到任何使用身份验证的方法(除了 cookie 或基于 URL 的表单身份验证)。
UIWebView doesn't support authentication at all. Up to iPhone OS 3.1, you could add credentials to the central credential storage and UIWebView would at least work with basic authentication. But starting with iOS 4.0, I don't see any way to use authentication (except cookie or URL based forms authentication).