Authentication on Sencha Touch and remote Server

Question

I would like to have your feedback regarding Authentication mechanism for an Application using PhoneGap and Sencha Touch and a Server in .NET with Active Directory.

So we need to store User credentials on the Mobile Device so a User does not have to re-enter Login and Psw every time he wishes to use the application.

To my understanding, Sencha Touch does not directly have any libraries for managing cookies. In order to use cookies I should install "Sencha Ext JS", the base library for Sencha, and use the Ext.util.Cookies class. This library should not be free.

I'm afraid I will still have problems with CROS domains regarding working with cookies and the iOS security issue.

Also, PhoneGap does not provide any cookie abstraction, as there are plenty of other tools to do that already (PhoneGap just wraps up smartphone functionality, not basic browser functionality). I could potentially use jQuery, and maybe try the jquery-cookie plugin.

Sencha Touch offers an API for HTML5 Local Storage, so instead of writing a cookie, I could save the credentials in Local Storage. Local data should be kept by the browser for an undefined amount of time, even if the device is turned off. When a user clicks the app, I can take the local data and send it to the server, and the server will authenticate the user.

Despite the mechanism, I have an issue with security.

A) - I store the UserName and Password as plain text, in a Cookie or in Local Storage, and forward them to the server. No encryption is involved; the authentication should work. Cons: It is very easy to read the Cookies and the Local Storage, so it is not the state of the art for security.

B) - I store the UserName as plain text and, instead of the Password, I store a "Forms authentication ticket" in a Cookie or in Local Storage and forward it to the server. Encryption on the server is involved for the "Forms authentication tickets". PRO: High security. CONS: It takes time to develop it. NOTE: Security, the Tickets are encrypted using configuration element of the server's Machine.config file.

My questions:

  • What is your experience with this kind of scenario?
  • Do you have a better approach?

Recommended answer

Some days ago I posted a Simple Login project to GitHub; you may find it helpful. It works in the WebKit browser and on iPhone. Android was not tested.
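
Option B from the question, sketched as an added example (not code from the question, the answer, or the linked project): the device keeps a server-issued, expiring ticket instead of the password. The ticket here is only HMAC-signed with Node's `crypto`, as a stand-in and not ASP.NET's Forms authentication ticket format; all function names and the `authTicket` storage key are hypothetical.

```javascript
const crypto = require('crypto');

const b64u = (data) => Buffer.from(data).toString('base64url');

function sign(payloadB64, key) {
  return crypto.createHmac('sha256', key).update(payloadB64).digest();
}

// Server side: called once, after the password was checked against the directory.
function issueTicket(username, ttlSeconds, key, nowMs = Date.now()) {
  const payload = b64u(JSON.stringify({ u: username, exp: nowMs + ttlSeconds * 1000 }));
  return payload + '.' + b64u(sign(payload, key));
}

// Server side: returns the username for a valid, unexpired ticket, otherwise null.
function verifyTicket(ticket, key, nowMs = Date.now()) {
  if (typeof ticket !== 'string') return null;
  const parts = ticket.split('.');
  if (parts.length !== 2) return null;
  const expected = sign(parts[0], key);
  const given = Buffer.from(parts[1], 'base64url');
  // Check the MAC before parsing anything the client controls.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  let claims;
  try { claims = JSON.parse(Buffer.from(parts[0], 'base64url').toString('utf8')); }
  catch { return null; }
  if (typeof claims.u !== 'string' || typeof claims.exp !== 'number') return null;
  return nowMs < claims.exp ? claims.u : null;
}

// Client side: a Map stands in for localStorage; only the ticket is stored,
// so reading the storage never reveals the directory password.
function makeClientStore() {
  const store = new Map();
  return {
    saveTicket: (t) => store.set('authTicket', t),
    loadTicket: () => store.get('authTicket') ?? null,
  };
}

// Constructed demo values: random key, user "alice", fixed clock.
const DEMO_KEY = crypto.randomBytes(32);
function demo() {
  const client = makeClientStore();
  client.saveTicket(issueTicket('alice', 3600, DEMO_KEY, 0));
  return verifyTicket(client.loadTicket(), DEMO_KEY, 1000);
}
```

A stolen ticket can still be replayed until it expires, so the lifetime and a server-side way to revoke tickets matter as much as keeping the password off the device.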
