1.引入<NSURLSessionDelegate>協議
2.登錄驗證請求
-(void)authenticate { NSURL *url = [NSURL URLWithString:authAddress]; NSMutableURLRequest *request = [NSMutableURLRequest requestWithURL:url]; request.HTTPMethod = @"GET"; NSString *userString = @"name:password"; NSData *userData = [userString dataUsingEncoding:NSUTF8StringEncoding]; NSString *base64String = [userData base64EncodedStringWithOptions:NSDataBase64EncodingEndLineWithLineFeed]; [request setValue:[NSString stringWithFormat:@"Basic %@",base64String] forHTTPHeaderField:@"Authorization"]; NSURLSession *session = [NSURLSession sessionWithConfiguration:[NSURLSessionConfiguration defaultSessionConfiguration] delegate:self delegateQueue:[NSOperationQueue mainQueue]]; NSURLSessionDataTask *task = [session dataTaskWithRequest:request completionHandler:^(NSData * _Nullable data, NSURLResponse * _Nullable response, NSError * _Nullable error) { }]; [task resume]; }
3.NSURLSessionDelegate回調
#pragma mark -- NSURLSessionDelegate - (void)URLSession:(NSURLSession *)session didReceiveChallenge:(NSURLAuthenticationChallenge *)challenge completionHandler:(void (^)(NSURLSessionAuthChallengeDisposition, NSURLCredential * _Nullable))completionHandler { if ([challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodClientCertificate])//Client Authentication { NSURLCredential *credential = [NSURLCredential credentialWithUser:@"name" password:@"password" persistence:NSURLCredentialPersistenceForSession]; completionHandler(NSURLSessionAuthChallengeUseCredential,credential); } else if ([challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust])//Server Authentication { SecTrustRef serverTrust = challenge.protectionSpace.serverTrust; SecCertificateRef serverCertificate = SecTrustGetCertificateAtIndex(serverTrust, 0); NSData *serverData = (__bridge_transfer NSData*)SecCertificateCopyData(serverCertificate); NSData *localData = [NSData dataWithContentsOfFile:[[NSBundle mainBundle] pathForResource:@"cert" ofType:@"cer"]]; if ((!localData) || [serverData isEqualToData:localData]) { NSURLCredential *credential = [NSURLCredential credentialForTrust:serverTrust]; [challenge.sender useCredential:credential forAuthenticationChallenge:challenge]; completionHandler(NSURLSessionAuthChallengeUseCredential,credential); } else { completionHandler(NSURLSessionAuthChallengeCancelAuthenticationChallenge,nil); } } else { completionHandler(NSURLSessionAuthChallengeCancelAuthenticationChallenge,nil); } }
注意:NSURLAuthenticationMethodClientCertificate為客戶端證書驗證,有p12證書的話需要使用此證書進行認證,方法參考此文章;NSURLAuthenticationMethodServerTrust為服務端驗證,我們需要用本地證書與服務端返回的挑戰的serverTrust獲得的證書數據進行比對,如果判斷為同一證書,則響應挑戰;特別要注意的是,協議回調會觸發兩次,分別為以上兩種驗證挑戰,如有其它類型挑戰則取消本次驗證
各位大神如有好的經驗希望分享出來~我也是在學習中