
iOS 7 enterprise distribution on secured server [closed]

I have an enterprise distribution certificate that I use to deploy internal applications. Certain of my applications have very sensitive material and to protect the application from being installed by just about anyone in the company, I use a password-protected directory on a web server to host the .IPA file, while the .plist file is on an open web server. Here's the problem I have:

On iOS6, I click the link to install (starts with itms-services://), iOS prompts me to enter my credentials then proceeds to install the application.

On iOS7, the same link works just fine, but for some reason, it asks for my credentials TWICE. Once my credentials have been entered twice, the application installs just fine.

Does anyone have any idea why this is happening? What's different in this process?

Simon Germain asked Jan 06 '14 18:01


1 Answer

I checked the web server's access log. The itunesstored application asked TWICE (HEAD and GET).

10.0.2.2 - - [06/Feb/2014:14:50:48 +0900] "HEAD /test/app/app.ipa HTTP/1.1" 401 - "-" "itunesstored/1.0 iOS/7.0.4 model/iPhone4,1 (6; dt:73)"
10.0.2.2 - test [06/Feb/2014:14:51:03 +0900] "HEAD /test/app/app.ipa HTTP/1.1" 200 - "-" "itunesstored/1.0 iOS/7.0.4 model/iPhone4,1 (6; dt:73)"
10.0.2.2 - - [06/Feb/2014:14:51:04 +0900] "GET /test/app/app.ipa HTTP/1.1" 401 539 "-" "itunesstored/1.0 iOS/7.0.4 model/iPhone4,1 (6; dt:73)"
10.0.2.2 - test [06/Feb/2014:14:51:09 +0900] "GET /test/app/app.ipa HTTP/1.1" 200 4066787 "-" "itunesstored/1.0 iOS/7.0.4 model/iPhone4,1 (6; dt:73)"

So, I changed the web server's settings to ignore basic auth when it requests HEAD.

BEFORE:

<Directory "/Library/WebServer/Documents/test/app/">
    AuthType Basic
    AuthName "BASIC AUTH"
    AuthUserFile "/etc/apache2/htpasswd"
    Require valid-user
</Directory>

AFTER:

SetEnvIf Request_Method HEAD headreq
<Directory "/Library/WebServer/Documents/test/app/">
    Order Allow,Deny
    Allow from env=headreq
    AuthType Basic
    AuthName "BASIC AUTH"
    AuthUserFile "/etc/apache2/htpasswd"
    Require valid-user
    Satisfy Any
</Directory>

After that, the itunesstored application asked only ONCE (only GET).

Kazutaka Kamiya answered Oct 07 '22 04:10
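
An added example (not part of the original answer): a small Python audit over Apache combined-format access logs that counts 401 challenges per method, which the device surfaces as credential prompts, and flags any non-HEAD request served without an authenticated user. The BEFORE lines are the ones quoted in the answer; the AFTER and TOO_BROAD lines and the function name `audit` are constructed for illustration.

```python
import re
from collections import Counter

# Apache combined log format: host ident user [time] "METHOD path proto" status ...
LINE = re.compile(
    r'^\S+ \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def audit(lines, protected_prefix):
    """Summarise auth behaviour for requests under protected_prefix."""
    challenges = Counter()   # 401s per method: each one is a credential prompt
    anon_head = 0            # HEAD served without a user (the intended exemption)
    leaks = []               # anything else served without a user
    for line in lines:
        m = LINE.match(line)
        if not m or not m["path"].startswith(protected_prefix):
            continue
        status, anonymous = int(m["status"]), m["user"] == "-"
        if status == 401:
            challenges[m["method"]] += 1
        elif 200 <= status < 300 and anonymous:
            if m["method"] == "HEAD":
                anon_head += 1
            else:
                leaks.append((m["method"], m["path"]))
    return {"challenges": dict(challenges), "anon_head": anon_head, "leaks": leaks}

UA = '"-" "itunesstored/1.0 iOS/7.0.4 model/iPhone4,1 (6; dt:73)"'
IPA = "/test/app/app.ipa HTTP/1.1"

# The four lines quoted in the answer (BEFORE config).
BEFORE = [
    f'10.0.2.2 - - [06/Feb/2014:14:50:48 +0900] "HEAD {IPA}" 401 - {UA}',
    f'10.0.2.2 - test [06/Feb/2014:14:51:03 +0900] "HEAD {IPA}" 200 - {UA}',
    f'10.0.2.2 - - [06/Feb/2014:14:51:04 +0900] "GET {IPA}" 401 539 {UA}',
    f'10.0.2.2 - test [06/Feb/2014:14:51:09 +0900] "GET {IPA}" 200 4066787 {UA}',
]
# Constructed lines: the behaviour the answer describes for the AFTER config.
AFTER = [
    f'10.0.2.2 - - [06/Feb/2014:15:10:00 +0900] "HEAD {IPA}" 200 - {UA}',
    f'10.0.2.2 - - [06/Feb/2014:15:10:01 +0900] "GET {IPA}" 401 539 {UA}',
    f'10.0.2.2 - test [06/Feb/2014:15:10:06 +0900] "GET {IPA}" 200 4066787 {UA}',
]
# Constructed line: an exemption that is too broad would log this.
TOO_BROAD = [f'10.0.2.2 - - [06/Feb/2014:15:20:00 +0900] "GET {IPA}" 200 4066787 {UA}']

if __name__ == "__main__":
    for name, sample in (("before", BEFORE), ("after", AFTER), ("too broad", TOO_BROAD)):
        print(name, audit(sample, "/test/app/"))
```

With the AFTER configuration an anonymous HEAD still returns the file's response headers, so `anon_head` should be the only kind of unauthenticated success logged for this directory.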