iOS:如何建立安全的 HTTPS 连接以传递凭据?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/3509082/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
iOS: How to make a secure HTTPS connection to pass credentials?
提问by Andrew
I am creating my first iPad app. I have a web application that I would like to authenticate against and pull data from in a RESTful way.
我正在创建我的第一个 iPad 应用程序。我有一个 Web 应用程序,我想以 RESTful 方式对其进行身份验证并从中提取数据。
If you open up the URL in the browser (https://myapp.com/auth/login), you will get a form to enter your username and password. I was thinking I could set the login credentials in the post data of the request and submit the data.
如果您在浏览器中打开 URL ( https://myapp.com/auth/login),您将获得一个表单,用于输入您的用户名和密码。我在想我可以在请求的发布数据中设置登录凭据并提交数据。
The site uses HTTPS for login so that credentials aren't passed in plain text over the internet.
该站点使用 HTTPS 进行登录,因此凭据不会通过 Internet 以纯文本形式传递。
How can I make a secure HTTPS connection to pass credentials? Will this remember that I am logged in for future requests? What is the best way to do this?
如何建立安全的 HTTPS 连接以传递凭据?这会记住我已登录以备将来请求吗?做这个的最好方式是什么?
采纳答案by JosephH
Further update, October 2013
进一步更新,2013 年 10 月
Although at the time I wrote this answer, ASIHTTPRequest was maintained a widely supported, this is no longer the case. It is not recommended for new projects - instead use NSURLConnection directly, or use AFNetworking.
虽然在我写这个答案的时候,ASIHTTPRequest 得到了广泛的支持,但现在已经不是这样了。不推荐用于新项目——而是直接使用 NSURLConnection,或者使用 AFNetworking。
With AFNetworking, there is a [httpClient setAuthorizationHeaderWithUsername:username password:password];method for http authentication, and create a POST style form is equally easy - see AFNetworking Post Requestfor that.
使用 AFNetworking,有一种[httpClient setAuthorizationHeaderWithUsername:username password:password];http 身份验证方法,创建 POST 样式表单同样容易 - 请参阅AFNetworking Post Request。
Original answer:
原答案:
A lot of people use the ASIHTTPRequest class to deal with http & https on the iPhone/iPad, as it has a lot of useful features that are difficult or time consuming to achieve with the built in classes:
很多人在 iPhone/iPad 上使用 ASIHTTPRequest 类来处理 http 和 https,因为它有很多有用的功能,这些功能很难用内置的类来实现或耗时:
http://allseeing-i.com/ASIHTTPRequest/
http://allseeing-i.com/ASIHTTPRequest/
Starting at the simplest level you'd start with something like:
从最简单的级别开始,您可以从以下内容开始:
NSURL *url = [NSURL URLWithString:@"http://allseeing-i.com"];
ASIHTTPRequest *request = [ASIHTTPRequest requestWithURL:url];
[request startSynchronous];
NSError *error = [request error];
if (!error) {
NSString *response = [request responseString];
NSLog(@"response = %@", response);
}
If you're using HTTP authentication, ASIHTTPRequest will automatically prompt the user for the username and password.
如果您使用 HTTP 身份验证,ASIHTTPRequest 将自动提示用户输入用户名和密码。
IF you're using some other form of authentication you probably need to request the username and password from the user yourself, and submit them as a POST value or a custom http header, and then the response may either include a token in a JSON or XML response, or it could set a cookie.
如果您使用其他形式的身份验证,您可能需要自己向用户请求用户名和密码,并将它们作为 POST 值或自定义 http 标头提交,然后响应可能包含 JSON 中的令牌或XML 响应,或者它可以设置 cookie。
If you add more details as to how the authentication scheme works I can be a bit more specific.
如果您添加有关身份验证方案如何工作的更多详细信息,我可以更具体一些。
Update
更新
Based on the update, to emulate a POST form you'd just need to add lines like:
根据更新,要模拟 POST 表单,您只需要添加如下行:
[request addPostValue:usernameString forKey:@"username"];
[request addPostValue:passwordString forKey:@"password"];
You will also need to change the way you create the request, instead of:
您还需要更改创建请求的方式,而不是:
ASIHTTPRequest *request = [ASIHTTPRequest requestWithURL:url];
do:
做:
ASIFormDataRequest *request = [ASIFormDataRequest requestWithURL:url];
(I also forget to mention it above, there's code I put earlier is using a synchronous request, so you'd want to replace it with an asynchronous one to avoid blocking the UI once you'd proved it was working.)
(我也忘了在上面提到它,我之前放置的代码使用的是同步请求,所以你想用异步请求替换它,以避免在你证明它正在工作后阻塞 UI。)
There's a JSON framework for the iphone here:
这里有一个适用于 iphone 的 JSON 框架:
http://code.google.com/p/json-framework/
http://code.google.com/p/json-framework/
which works well for me and is simple to use with ASIHTTPRequest.
这对我来说效果很好,并且很容易与 ASIHTTPRequest 一起使用。
