ArcGIS for iOS (100.x): NSURLSession/NSURLConnection HTTP load failed

882
14
01-15-2018 06:02 AM
NathanJoraanstad
New Contributor

We are currently investigating updating from the iOS native ArcGIS library (version 10.2.x) to the Xamarin .NET Runtime (version 100.x) to share code between iOS and Android. In doing so, we'll need to continue using our mapping proxy server to create a ServiceFeatureTable. Everything is working as it should on Android, but when using that same code on iOS, we are receiving the following error:

NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9813)

With the iOS native library, we get around this issue by adding our proxy server to the "ags_trustedHosts" array of NSURLConnectionHowever, there does not seem to be an equivalent in the Xamarin .NET Runtime (Esri.ArcGISRuntime.Xamarin.iOS, version 100.2.0).

 

Am I missing something here? Is there a way to use mapping proxies on iOS with the ArcGIS .NET Runtime? If this is in the works but is not available yet, is there an estimated release date for the version that will include this?

 

Thanks!

0 Kudos
14 Replies
Nicholas-Furness
Esri Regular Contributor

FYI: In Runtime 100, the iOS SDK moved the trustedHosts property to the AGSAuthenticationManager.

But we'll get this moved over for the .NET/Xamarin folks to chip in.

0 Kudos
NathanJoraanstad
New Contributor

Hey Nicholas,

Thanks for the pointer! However, it looks like that property is not available in the .NET Runtime on iOS?

https://developers.arcgis.com/net/latest/android/api-reference/html/T_Esri_ArcGISRuntime_Security_AuthenticationManager.htm

The code below is in the iOS project (not the shared project), so it should show up on this list if it's available on the iOS .NET Runtime:

Thanks!

0 Kudos
Nicholas-Furness
Esri Regular Contributor

Indeed. I've pointed the .NET team at your question. I did overhear something about whitelisting using the project manifest/settings but since it's way out of my wheelhouse I'll wait for them to pipe up. That might give you something to look into in the meantime though.

0 Kudos
NathanJoraanstad
New Contributor

Thanks for pointing them my direction! Hopefully, it'll be something small that I just missed.

Thanks!

0 Kudos
MichaelBranscomb
Esri Frequent Contributor

Hi,

Are you referring to opting out of App Transport Security (ATS) for specific domains? If so, see this Xamarin doc for more info: App Transport Security - Xamarin 

Cheers

Mike

0 Kudos
NathanJoraanstad
New Contributor

This is not what I'm referring to. In the iOS version of the ArcGIS SDK, there is an AGSAuthenticationManager property called trustedHosts (used to be ags_trustedHosts and on NSURLConnection), but that property is not available in the .NET version. Is that just a bug, or is there a different place/way to do the same thing with the .NET version?

Thanks!

0 Kudos
dotMorten_esri
Esri Frequent Contributor

The Xamarin SDK does not expose a thrusted host property. The best thing to do is sign the server with a trusted authority, or alternatively install the self-signed certificate on the phone.

There is an equivalent way that should work in Xamarin.iOS:

ServicePointManager.ServerCertificateValidationCallback += (s,c,k,e) => true;

You probably want to improve that a bit to only return true for the domain ones you "trust", as the above simple example completely disables all SSL validation. For instance you could check the thumbprint of the certificate and make sure it matches your selfsigned cert:

return c.GetCertHashString() == _TRUSTED_CERT_HASH_STRING_;

See more here: https://developer.xamarin.com/api/property/System.Net.ServicePointManager.ServerCertificateValidatio...

0 Kudos
NathanJoraanstad
New Contributor

Hey Morten,

I have tried this approach, but the ServerCertificateValidationCallback is never called when using ServiceFeatureTable. It's called when I make manual network calls, but not when the ArcGIS Runtime does. Any other ideas?

Also, is there a reason why trusted host property is not available? That seemed to work well in 10.2.x versions.

Thanks!

0 Kudos
NathanJoraanstad
New Contributor

Any other suggestions on this? We can't use the .NET Runtime if it doesn't work on iOS.

0 Kudos