执行 func urlSession(_ session: URLSession, didReceive challenge: URLAuthenticationChallenge 有什么区别
What's the difference between implementing func urlSession(_ session: URLSession, didReceive challenge: URLAuthenticationChallenge
在后台会话中,对于使用 https 的应用<>服务器通信,完全轻松地实施以下方法或none有什么区别?
func urlSession(_ session: URLSession, didReceive challenge: URLAuthenticationChallenge, completionHandler: @escaping (URLSession.AuthChallengeDisposition, URLCredential?) -> Void) {
completionHandler(.useCredential, challenge.proposedCredential)
}
在这两种情况下,该应用程序都可以正常工作,但我已经了解了每次调用此方法都会增加应用程序的恢复速率限制(这被认为是错误的)
是的,在我意识到该应用程序无需任何实施此方法即可正常运行后,我开始问自己可能实施该方法的原因是什么?通过 401 和后续登录完成授权。
我认为可以从文档中找到一些有用的信息 Performing Manual Server Trust Authentication:
To perform manual server trust authentication, implement the
URLSessionDelegate method urlSession(_:didReceive:completionHandler:).
接下来是:
In most cases, you should let the URL Loading System’s default
handling evaluate the server trust. You get this behavior when you
either don’t have a delegate or don’t handle authentication
challenges.
并通过实施 URLSessionDelegate 方法来解释为什么您可能需要进行手动服务器信任身份验证 urlSession(_:didReceive:completionHandler:):
However, performing your own evaluation may be useful for scenarios
like the following:
You want to accept server credentials that would otherwise be rejected
by the system. For example, your app makes a secure connection to a
development server that uses a self-signed certificate, which would
ordinarily not match anything in the system’s trust store.
You want to reject credentials that would otherwise be accepted by the
system. For example, you want to “pin” your app to a set of specific
keys or certificates under your control, rather than accept any valid
credential.
在后台会话中,对于使用 https 的应用<>服务器通信,完全轻松地实施以下方法或none有什么区别?
func urlSession(_ session: URLSession, didReceive challenge: URLAuthenticationChallenge, completionHandler: @escaping (URLSession.AuthChallengeDisposition, URLCredential?) -> Void) {
completionHandler(.useCredential, challenge.proposedCredential)
}
在这两种情况下,该应用程序都可以正常工作,但我已经了解了每次调用此方法都会增加应用程序的恢复速率限制(这被认为是错误的)
是的,在我意识到该应用程序无需任何实施此方法即可正常运行后,我开始问自己可能实施该方法的原因是什么?通过 401 和后续登录完成授权。
我认为可以从文档中找到一些有用的信息 Performing Manual Server Trust Authentication:
To perform manual server trust authentication, implement the URLSessionDelegate method urlSession(_:didReceive:completionHandler:).
接下来是:
In most cases, you should let the URL Loading System’s default handling evaluate the server trust. You get this behavior when you either don’t have a delegate or don’t handle authentication challenges.
并通过实施 URLSessionDelegate 方法来解释为什么您可能需要进行手动服务器信任身份验证 urlSession(_:didReceive:completionHandler:):
However, performing your own evaluation may be useful for scenarios like the following:
You want to accept server credentials that would otherwise be rejected by the system. For example, your app makes a secure connection to a development server that uses a self-signed certificate, which would ordinarily not match anything in the system’s trust store.
You want to reject credentials that would otherwise be accepted by the system. For example, you want to “pin” your app to a set of specific keys or certificates under your control, rather than accept any valid credential.