I have an enterprise distribution certificate that I use to deploy internal applications. Certain of my applications have very sensitive material and to protect the application from being installed by just about anyone in the company, I use a password-protected directory on a web server to host the .IPA file, while the .plist file is on an open web server. Here's the problem I have:
On iOS6, I click the link to install (starts with itms-services://), iOS prompts me to enter my credentials then proceeds to install the application.
On iOS7, the same link works just fine, but for some reason, it asks for my credentials TWICE. Once my credentials have been entered twice, the application installs just fine.
Anyone has any idea why this is happening? What's different in this process?
I checked an access log of web server. The itunesstored application asked TWICE. (HEAD and GET)
10.0.2.2 - - [06/Feb/2014:14:50:48 +0900] "HEAD /test/app/app.ipa HTTP/1.1" 401 - "-" "itunesstored/1.0 iOS/7.0.4 model/iPhone4,1 (6; dt:73)"
10.0.2.2 - test [06/Feb/2014:14:51:03 +0900] "HEAD /test/app/app.ipa HTTP/1.1" 200 - "-" "itunesstored/1.0 iOS/7.0.4 model/iPhone4,1 (6; dt:73)"
10.0.2.2 - - [06/Feb/2014:14:51:04 +0900] "GET /test/app/app.ipa HTTP/1.1" 401 539 "-" "itunesstored/1.0 iOS/7.0.4 model/iPhone4,1 (6; dt:73)"
10.0.2.2 - test [06/Feb/2014:14:51:09 +0900] "GET /test/app/app.ipa HTTP/1.1" 200 4066787 "-" "itunesstored/1.0 iOS/7.0.4 model/iPhone4,1 (6; dt:73)"
So, I changed a setting of web server to ignore basic auth when it requets HEAD.
BEFORE:
<Directory "/Library/WebServer/Documents/test/app/">
AuthType Basic
AuthName "BASIC AUTH"
AuthUserFile "/etc/apache2/htpasswd"
Require valid-user
</Directory>
AFTER:
SetEnvIf Request_Method HEAD headreq
<Directory "/Library/WebServer/Documents/test/app/">
Order Allow,Deny
Allow from env=headreq
AuthType Basic
AuthName "BASIC AUTH"
AuthUserFile "/etc/apache2/htpasswd"
Require valid-user
Satisfy Any
</Directory>
After that, The itunesstored application asked only ONCE. (only GET).
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With