The corporate network which I am using is having "proxy" set up to connect to internet. I made the necessary changes in Network settings in mac and I am able to see websites loading in Safari (I have entered the credentials and saved in KeyChain also), but when I try to access the sites via iOS simulator, the connection fails and asks for authentication but the problem is that no pop-up is being shown so that I can enter the username and pwd. I have seen the pop-ups in iOS6 simulator and it used to work. I would like to know whether I need to do some changes specifically to iOS simulator to get this working?
I tried turning on Settings -> Developer -> Allow HTTP services, this works when you are in an open network (home), but in corporate network auth error is being show in a plain html page and there is no pop-up to enter credentials. I also tried restarting the simulator none of this fixed the issue .
Below is the error
Error Code :407 Proxy Authentication Required. Forefront TMG requires authorization to fulfill the request. Access to the Web Proxy filter is denied. (12209).
Thanks in advance
-anoop
This is mentioned as a known issue in the Xcode 6.1 Release Notes:
iOS Simulator does not support the use of network proxy servers that
require authentication. (14889876)
Related
The bounty expires in 4 days. Answers to this question are eligible for a +250 reputation bounty.
Jugal Thakkar wants to draw more attention to this question.
I have an enterprise Flutter application that needs to launch the login page for the user's Identity Provider (IdP) inside a webview within the app. The IdP supports certificate-based authentication using a certificate present on the user's device (through MDM) to authenticate the user without needing to provide any credentials.
When launching a safari browser to launch this page, it works fine. Safari prompts the user to select a certificate the first time from the ones available and Safari sends it to the server and page successfully proceeds to present the protected resource.
Another requirement is that we need to open the IdP page using a specific user-agent string so that their firewall can be configured to only allow selected apps and not any random Safari page.
Unfortunately, the Safari In-App Browser does not allow overriding user-agent. While using an in-app web view using https://pub.dev/packages/flutter_inappwebview or https://pub.dev/packages/webview_flutter we are unable to get the certificate prompt like the one we see in safari and the communication fails with the following SSL error, with code -1200
An SSL error has occurred and a secure connection to the server cannot be made
When using InAppWebView from https://pub.dev/packages/flutter_inappwebview and accessing the protected site, the onReceivedClientCertRequest handler gets invoked, but I am not sure how to pass the device certificate back in the response. The ClientCertResponse expects a path to the certificate, what should this be?
Is there a way to retrieve the appropriate certificate from the OS's secure storage (keychain?) and send it to the web page? Either Flutter or native iOS code is ok. We are only focusing on iOS for this use case.
I am using Angular Capacitor v3 with axios. Receiving a Network Error when making any request to any external server. This is only occurring while emulating with XCode. The request never reaches the server, just returns immediately with status 0.
I cannot repeat this problem locally on Windows, or published website, or Android Studio emulators, or published to android device.
Not sure if I am missing a permission or configuration, but I have tried adding "Local Network Usage", "Location Always and When In Use" permissions and played around with NSAppTransportSecurity settings to the Info.plist.
I do not believe its an issue with the server since it seems like it never even reaches it. But I have a verified HTTPS certificate, hosted by Azure, with valid CORS rules.
I have also tried HttpClient with Angular, same result.
The error occurs immediately and does not give specific information but here is the message:
{"headers":{"normalizedNames":{},"lazyUpdate":null,"headers":{}},"status":0,"statusText":"Unknown
Error","url":"https://jsonplaceholder.typicode.com/users/1","ok":false,"name":"HttpErrorResponse","message":"Http
failure response for https://jsonplaceholder.typicode.com/users/1: 0
Unknown Error","error":{"isTrusted":true}}
After extensive research and rebuilding from scratch, I found this was a CORS related issue but specific to setup with Azure, which was my hosted server. The confusing part was that even external example calls, such as to "http://jsonplaceholder.typicode.com/users/1" still gave the same error, which wouldn't have CORS issues, as far as I understand. If anyone knows why that happens, please let me know.
This was related to the fact that in ios, the http/https schemes cannot be used, instead it uses capacitor. This scheme is not allowed in Azure App Service CORS settings, unless you allow all, but I could not because I needed to enable Access-Control-Allow-Credentials. So I had to build the CORS configuration with the capacitor scheme allowed in my C# app service code. Removing all settings from CORS in Azure App Service then allowed the settings in my C# code to be applied.
I am just facing same issue
It was working on different domain, no hostname is different and it stopped working.
So it doesn't even make a request to a server.
Also same configuration works on android. just not IOS
I am getting the following error when a request is send to the server. What does this message mean and how could I solve this.
p.a.m.DefaultUrlEncodedCookieDataCodec - Cookie failed message authentication check
I am trying to integrate Silhouette in my application. I am using cookie based authentication. I suppose the warning is related to it but I am not sure what it means and how to solve it.
You have to clear out the PLAY_SESSION cookie from the previous version of Play framework you were running. If you are using Chrome, go to Settings. Scroll down and click on Show Advanced Settings. Privacy -> Content Settings -> All cookies and site data. Here you have an option of clearing out all cookies or filtering by host (likely localhost if you are on your development machine) and deleting only the PLAY_SESSION cookie.
If done correctly, this warning will immediately stop showing up when you make a request to your server.
I am using itms-services to install my app over the air. Everything is working fine if I donĀ“t use a proxy. The app installs properly in iOS6 and iOS7.
But if I use a proxy I simply get the message that the app could not be installed. I get no more information. There is also nothing in the device logs. I am sure that the proxy information in the settings are correct.
The proxy uses basic authentication. I used wireshark to have a look at network traffic.
The iPad sends the proxy credentials correctly when requesting the ipa file for installation.
But the proxy still sends an access denied back to the iPad. Once again I am sure that the credentials are correct.
Is it even possible to use itms-services with a proxy that uses proxy authentication? Has someone ever used itms-services with proxy authentication?
I hope someone can help me. Thanks for your help in advance!
It turned out to be a simple problem. Our provider blocked the CA of the server certificate. When the iPad wanted to check if the server certificate is valid it tried to get the root certificate. But the proxy blocked that request. Strange that apple does not give any hint on that in device logs or anywhere else.
So the "proxy authorization required" by the server had nothing to do with the real problem.
The answer to the actual question is: It is possible to use itms-services to install apps OTA with proxy authentication. (We used basic auth in this case?
When I go to a place with a WiFi hotspot (such as Panera Bread) and connect with my iPhone, the hotspot login page appears as a popup. That is, no matter what app I'm running or what web page I'm on, the login page scrolls up from the bottom, asks for my login credentials, and then disappears.
But at some other hotspots, I don't get the login page until I go to Safari and try to load a web page.
What is the iPhone looking for that causes it to pop up the login page at some hotspots and not others? Is there a special HTML meta tag? Or is it related to the way the redirect is implemented?
I managed to find out the correct term for this authentication type: "Captive portal". Punching in Captive Portal iPhone into Google turned out a few technical details from these pages: one, two, three.
To implement a Wi-Fi popup login page:
DNS request for www.apple.com must not fail
HTTP request for http://www.apple.com/library/test/success.html with special user agent CaptiveNetworkSupport/1.0 wispr must not return Success.
I have not tested this, but it sounds about right.
Comments below mention that iOS 7 behaves differently and may query more than one server. I have not tested this. So easiest would be to simply redirect all HTTP communication to your login page, and block all non-HTTP communication.
Microsoft's captive portal detection uses something similar to pre-iOS7 behavior: its Network Connectivity Status Indicator attempts to contact http://www.msftncsi.com. Windows 8 and 8.1 also include support for WISPr.
Android's captive portal detection, as of AOSP 4.0.1, tries to contact http://clients3.google.com/generate_204 or http://www.google.com/blank.html.
So to be as universal as possible, you'll want to simply block all communication except for authentication, and include WISPr support on the login page.
I'd say "go with a proper authentication on your network" -- something universal such as PEAP+MSCHAPv2 -- but Windows makes it very painful for your users to set it up. I don't know who thought that "Use your Windows authentication details" makes a sane default on machines that are not part of a corporate domain network, or even why "Check certificate validity" is a sane default, as most networks will not consider getting a proper certificate a priority.
iOS 6 has apparently fixed WPA2 EAP as it's suddenly popping the login window now.
Our companies public WiFi requires accepting the terms regarding monitoring, etc. I always had to manually open Safari on iPhone or iPad and navigate somewhere, it redirects to an internal acceptance page and when you clicked the Accept button it would go where you originally were headed.
Today, I updated to iOS 6 and was plesantly surprised to see the Login window slide up from the bottom and allow me to click the Accept button without even opening Safari.
I suspect that when the login page pops up the Wi-Fi is using EAP. This is a Wi-Fi protocol for authentication. In the case where you need to go to a web page then the authentication will be a custom access implemented by a server (i.e. at a higher level
than EAP).