问题
We have a Add hoc distribution for enterprice apps by a secure website. Since version 5 we have a problem with authentication in combination with IIS7. The user logs in with a windows username and password and clicks download. Then a "itms-services://?action=download-manifest&url=domain" action is been started.
Before IOS 5: The user goes to url, types the username and password. The user press download and again the user need to type the username and password. The application is been installed.
After installing IOS 5: The user goes to url, types the username and password. The user press download and get a domain "...." not found. There is no popup again, with the credentials, like before version of IOS 5..
This solution was working for a half year, but since IOS5 it doesnt work anymore...
IIS Log When going to the website and clicking on the action=download that contains the Plist file the IIS shows 401 errors (not authenticated). But when I access the .plist or ipa file directly by url in safari I do get a POPUP to authenticate.
It look like there is a bug in IOS 5 "itms-services://?action=download-manifest&url=domain" actions does not support to authenticate....
回答1:
Check your plist file if it points to an existing ipa file. If you're using .htaccess to authenticate with a ldap directory you'll need to authenticate once for the plist access and once for the ipa access.
回答2:
This sounds like a variation of the double-hop problem in which the originally supplied credentials are not being appropriately passed to the second step in your download routine (or web service call, etc.). http://blogs.msdn.com/b/knowledgecast/archive/2007/01/31/the-double-hop-problem.aspx
The fact that you previously had to enter the user name and password twice would seem to support this suggestion. The error that you're receiving that domain '...' does not exist could indicate that the credential being passed to step two is a local machine account that IIS is running under.
If you can get some logging on this process I would want to determine what the authentication/credentials are that get passed at each step. It's possible that something in IOS 5 changed the way that impersonation is handled but I think that's likely just a symptom of how either IIS is set up or the final request is being passed.
来源:https://stackoverflow.com/questions/7822597/ad-hoc-apple-app-distribution-iis7-windows-authentication-ios-5