We are currently investigating updating from the iOS native ArcGIS library (version 10.2.x) to the Xamarin .NET Runtime (version 100.x) to share code between iOS and Android. In doing so, we'll need to continue using our mapping proxy server to create a ServiceFeatureTable. Everything is working as it should on Android, but when using that same code on iOS, we are receiving the following error:
NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9813)
With the iOS native library, we get around this issue by adding our proxy server to the "ags_trustedHosts" array of NSURLConnection. However, there does not seem to be an equivalent in the Xamarin .NET Runtime (Esri.ArcGISRuntime.Xamarin.iOS, version 100.2.0).
Am I missing something here? Is there a way to use mapping proxies on iOS with the ArcGIS .NET Runtime? If this is in the works but is not available yet, is there an estimated release date for the version that will include this?
Thanks!
FYI: In Runtime 100, the iOS SDK moved the trustedHosts property to the AGSAuthenticationManager.
But we'll get this moved over for the .NET/Xamarin folks to chip in.
Hey Nicholas,
Thanks for the pointer! However, it looks like that property is not available in the .NET Runtime on iOS?
https://developers.arcgis.com/net/latest/android/api-reference/html/T_Esri_ArcGISRuntime_Security_AuthenticationManager.htm
The code below is in the iOS project (not the shared project), so it should show up on this list if it's available on the iOS .NET Runtime:
Thanks!
Indeed. I've pointed the .NET team at your question. I did overhear something about whitelisting using the project manifest/settings but since it's way out of my wheelhouse I'll wait for them to pipe up. That might give you something to look into in the meantime though.
Thanks for pointing them my direction! Hopefully, it'll be something small that I just missed.
Thanks!
Hi,
Are you referring to opting out of App Transport Security (ATS) for specific domains? If so, see this Xamarin doc for more info: App Transport Security - Xamarin
Cheers
Mike
This is not what I'm referring to. In the iOS version of the ArcGIS SDK, there is an AGSAuthenticationManager property called trustedHosts (used to be ags_trustedHosts and on NSURLConnection), but that property is not available in the .NET version. Is that just a bug, or is there a different place/way to do the same thing with the .NET version?
Thanks!
The Xamarin SDK does not expose a thrusted host property. The best thing to do is sign the server with a trusted authority, or alternatively install the self-signed certificate on the phone.
There is an equivalent way that should work in Xamarin.iOS:
ServicePointManager.ServerCertificateValidationCallback += (s,c,k,e) => true;
You probably want to improve that a bit to only return true for the domain ones you "trust", as the above simple example completely disables all SSL validation. For instance you could check the thumbprint of the certificate and make sure it matches your selfsigned cert:
return c.GetCertHashString() == _TRUSTED_CERT_HASH_STRING_;
See more here: https://developer.xamarin.com/api/property/System.Net.ServicePointManager.ServerCertificateValidatio...
Hey Morten,
I have tried this approach, but the ServerCertificateValidationCallback is never called when using ServiceFeatureTable. It's called when I make manual network calls, but not when the ArcGIS Runtime does. Any other ideas?
Also, is there a reason why trusted host property is not available? That seemed to work well in 10.2.x versions.
Thanks!
Any other suggestions on this? We can't use the .NET Runtime if it doesn't work on iOS.
