5 Replies
      Latest reply: Jan 23, 2017 10:55 AM by eskimo RSS
      tej13 Level 1 Level 1 (0 points)

        Hi,

        How do I perform SSL authentication with p12 certificate for a webview request as we do for NSUrlSession. I am able to handle the authentication with the certificate using the delegate "didReceiveChallenge". Please look at the below code snippet which i used for NSUrlSession:


         

            NSString *strAuthenticationMethod = challenge.protectionSpace.authenticationMethod;
            NSLog(@"authentication method: %@", strAuthenticationMethod);
            NSURLCredential *credential = nil;
            if([strAuthenticationMethod isEqualToString:NSURLAuthenticationMethodClientCertificate])
            {
                credential = [self getCredentialsForClientTrust]; // This function will give me a NSURLCredential object for my p12 certificate
                if(credential)
                {
                    NSLog(@"credentials obtained%@",credential);
                    completionHandler(NSURLSessionAuthChallengeUseCredential,credential);
                }
                else{
                    NSLog(@"failed to get credentials %@",credential);
                    completionHandler(NSURLSessionAuthChallengeUseCredential,nil);
                }
            }
            else
            {
                completionHandler(NSURLSessionAuthChallengeUseCredential,nil);  
            }
        

         

        This works perfectly, but how do I perform this operation for a webview request?

         

        Thanks!!

        • Re: SSL Mutual Authentication for webview request in iOS
          eskimo Apple Staff Apple Staff (6,260 points)

          What web view are you using?  iOS has three! (UIWebView, WKWebView and SFSafariViewController)

          Share and Enjoy

          Quinn “The Eskimo!”
          Apple Developer Relations, Developer Technical Support, Core OS/Hardware
          let myEmail = "eskimo" + "1" + "@apple.com"

            • Re: SSL Mutual Authentication for webview request in iOS
              tej13 Level 1 Level 1 (0 points)

              I am looking for UIWebView

                • Re: SSL Mutual Authentication for webview request in iOS
                  eskimo Apple Staff Apple Staff (6,260 points)

                  I am looking for UIWebView

                  Ah, that explains things; I was confused because I misunderstood the context of the code snippet you posted.

                  UIWebView does not support an authentication handling delegate callback.  In general I recommend that folks move to WKWebView, which does have such a callback; that callback provides a well-supported and easy way to handle authenticating challenges that the view encounters.

                  Unfortunately, WKWebView’s authentication challenge support is broken for NSURLAuthenticationMethodClientCertificate challenges (r. 22659960).  The only way to work around this is to:

                  • stick with UIWebView )-:

                  • use an NSURLProtocol to intercept the network requests made by the web view and recursively dispatch them so that your code sees the authentication challenges

                  The CustomHTTPProtocol sample code shows the basic strategy (although it shows how to handle NSURLAuthenticationMethodServerTrust challenges, which is a bit pointless these days because WKWebView’s support for those challenges works just fine).

                  Share and Enjoy

                  Quinn “The Eskimo!”
                  Apple Developer Relations, Developer Technical Support, Core OS/Hardware
                  let myEmail = "eskimo" + "1" + "@apple.com"

                    • Re: SSL Mutual Authentication for webview request in iOS
                      blong Level 1 Level 1 (0 points)

                      Hi Quinn,

                       

                      if I read this correctly you're saying there's no way to use the built in hooks for client certificate authentication in WKWebView currently?

                       

                      We're migrating our existing application from UIWebView to WKWebView and I'm currently trying to get our authentication with client certificate authentication logic that worked in UIWebView to perform in WKWebView (without success).

                       

                          func webView(_ webView: WKWebView, didReceive challenge: URLAuthenticationChallenge, completionHandler: @escaping (URLSession.AuthChallengeDisposition, URLCredential?) -> Swift.Void) {
                              if challenge.previousFailureCount < 5 {
                                  if challenge.protectionSpace.authenticationMethod == NSURLAuthenticationMethodServerTrust {
                                      let credential = URLCredential.init(trust: challenge.protectionSpace.serverTrust!)
                                      completionHandler(.useCredential, credential)
                                  } else if challenge.protectionSpace.authenticationMethod == NSURLAuthenticationMethodClientCertificate {
                                      identity = self.getClientCertificate()
                                      if identity != nil {
                                          var certificate : SecCertificate?
                                          SecIdentityCopyCertificate(identity, &certificate)
                                          let certs = [certificate!]
                                        
                                          let credential = URLCredential.init(identity: identity, certificates: certs, persistence: .none)
                                          completionHandler(.useCredential, credential)
                                      }
                                  } else {
                                      completionHandler(.cancelAuthenticationChallenge, nil)
                                  }
                              }
                          }
                      

                       

                      Searching on NSURLAuthenticationMethodClientCertificate handling I found your above post, do you know if there a fix for this authenication scheduled for 2017 as we cannot complete our planned migration to WKWebView until this issue is resolved?

                       

                      Regards, Brian.

                        • Re: SSL Mutual Authentication for webview request in iOS
                          eskimo Apple Staff Apple Staff (6,260 points)

                          if I read this correctly you're saying there's no way to use the built in hooks for client certificate authentication in WKWebView currently?

                          Correct.

                          … do you know if there a fix for this authenication scheduled for 2017 …

                          I’m not allowed to discuss The Future™.

                          Share and Enjoy

                          Quinn “The Eskimo!”
                          Apple Developer Relations, Developer Technical Support, Core OS/Hardware
                          let myEmail = "eskimo" + "1" + "@apple.com"