5 Replies
      Latest reply on Oct 3, 2018 7:57 AM by eskimo
      Niket Level 1 Level 1 (0 points)

        We are implementing SSL Authentication in our application where all API And Resources is on Https Server and required ssl authentication.


        We are sucessfuly implemented all API and working as expected with SSL Authentication on the same server.


        It is not working at all when try to load html url in WKWebview from same server.


        The certifiate we are having is in form of .p12 and  certificate is verified by CA.(IT is not a Self Signed Certificate)


        Now whenever we try to load H
        TML file from url, it only give us 403 Forbidden Access while loading HTML Page.



        Following is the code snippet that we have implemented in my WkWebview Code.


        public func webView(_ webView: WKWebView, didReceive challenge: URLAuthenticationChallenge, completionHandler: @escaping (URLSession.AuthChallengeDisposition, URLCredential?) -> Void) {
                    /// called handler if request already failed previously - increase the pefromance in request ultimately.
                    if challenge.previousFailureCount > 0 {
                        completionHandler(Foundation.URLSession.AuthChallengeDisposition.cancelAuthenticationChallenge, nil)
                    do {
                        /// validate certificates details
                        let securityIdentity = try findSecurityIdentity(named: "xxxx", password: "xxxxx")
                        let credential = URLCredential(identity: securityIdentity, certificates: nil, persistence: URLCredential.Persistence.permanent)
                        completionHandler(Foundation.URLSession.AuthChallengeDisposition.useCredential, credential)
                    } catch let error {
                        ///cancel auth challenge
                        completionHandler(Foundation.URLSession.AuthChallengeDisposition.cancelAuthenticationChallenge, nil)
            /// - Throws: throws an inbuild errors
            @objc public func findSecurityIdentity(named name: String, password: String) throws -> SecIdentity {
                let url = Bundle.main.url(forResource: name, withExtension: "p12")
                if url == nil {
                    throw findError(from: .certificatesNotConfigured)
                let data = try Data(contentsOf: url!)
                var importResult: CFArray? = nil
                let err = SecPKCS12Import(
                    data as NSData,
                    [kSecImportExportPassphrase as String: password] as NSDictionary,
                guard err == errSecSuccess else {
                    throw NSError(domain: NSOSStatusErrorDomain, code: Int(err), userInfo: nil)
                let identityDictionaries = importResult as! [[String:Any]]
                return identityDictionaries[0][kSecImportItemIdentity as String] as! SecIdentity

        It always shows 403 page in wkwebview with message "You do not have permission to view this page or directory using this credential"



        Can you please let us know if there is a issue with WKWebview as i have explored some community posts here or someting we are not doing right?

        • Re: wkwebview SSL Auhtentication with .p12 certificate- You do not have permission to view this page or directory using this credential"
          eskimo Apple Staff Apple Staff (12,975 points)

          First things first, the code you posted seems problematic, in that you don’t specifically look for the NSURLAuthenticationMethodClientCertificate authentication challenge.  An authentication challenge handler should always have a form like so:

          let authMethod = challenge.protectionSpace.authenticationMethod
          switch authMethod {
          case NSURLAuthenticationMethodClientCertificate:
              … handle this type of challenge …
          case xxx:
              … handle some other type of challenge …
              completionHandler(.performDefaultHandling, nil)

          However, this may not fix the issue you’re seeing.  Currently shipping OS releases have a bug that prevent you from being able to handle NSURLAuthenticationMethodClientCertificate authentication challenges in WKWebView.

          You should try this again on the currently seeded beta release of your target platform (for example, for iOS this would be iOS 12.0b11).  Last I checked the bug was fixed there.

          Share and Enjoy

          Quinn “The Eskimo!”
          Apple Developer Relations, Developer Technical Support, Core OS/Hardware
          let myEmail = "eskimo" + "1" + "@apple.com"