How to handle user authentication persistence in iOS?


Question

I'm trying to build the foundation for my iPhone app and server. I have users who will sign up and sign in from the iPhone app. In a normal website login, the HTTP server will provide cookies to allow the user's subsequent requests to remain authenticated. How should I handle this on the iPhone? Should I just send the user/password every single time I have an NSURLConnection GET or POST? That seems excessive. Or do I use the ASIHTTPRequest framework to use cookies? Can anyone point me in the right direction for a proper implementation?

Thanks!

Recommended answer

Sending username and password in every request is not great.

You can use anything you want to send cookies. It's just another HTTP header. But that begs the question of what is in the cookie. It depends on what your client/server architecture is. Web apps use session keys because traditionally web clients haven't held any state so the app server had to. Native clients can have all sorts of state and so generally don't need the server to provide that.

But you need authentication. That's what things like OAuth and OAuth 2 are for. They allow you to authenticate once and then use tokens that can be invalidated server-side. Kind of like very long lived sessions without data.

They are a bit complicated but there are open source libraries for both the server and client pieces or you can roll your own. Most of the complication is on getting the original token which you can short-circuit if you own the client and server. OAuth can get pretty complicated because all requests are signed with a secret token. OAuth 2 can be as simple as a shared secret (thus requiring SSL) in a cookie.
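
The pattern the answer describes (authenticate once, then present a token the server can invalidate) sketched for an iOS client, as an added example that is not part of the original answer. It assumes Swift with Foundation and Security, a hypothetical Keychain service name `com.example.myapp.auth`, and sends the token in an `Authorization: Bearer` header rather than a cookie; the password itself is never stored.

```swift
import Foundation
import Security

// Keeps the server-issued token in the Keychain instead of the user's password.
enum TokenStore {
    static let service = "com.example.myapp.auth"  // hypothetical identifier
    static let account = "session-token"           // hypothetical identifier

    private static var baseQuery: [String: Any] {
        [kSecClass as String: kSecClassGenericPassword,
         kSecAttrService as String: service,
         kSecAttrAccount as String: account]
    }

    // Call once after a successful username/password login returns a token.
    static func save(_ token: String) -> Bool {
        SecItemDelete(baseQuery as CFDictionary)   // replace any previous token
        var attrs = baseQuery
        attrs[kSecValueData as String] = Data(token.utf8)
        // Not included in backups or synced to other devices.
        attrs[kSecAttrAccessible as String] = kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly
        return SecItemAdd(attrs as CFDictionary, nil) == errSecSuccess
    }

    static func load() -> String? {
        var query = baseQuery
        query[kSecReturnData as String] = true
        query[kSecMatchLimit as String] = kSecMatchLimitOne
        var item: CFTypeRef?
        guard SecItemCopyMatching(query as CFDictionary, &item) == errSecSuccess,
              let data = item as? Data else { return nil }
        return String(data: data, encoding: .utf8)
    }

    static func clear() { SecItemDelete(baseQuery as CFDictionary) }
}

// Builds an authenticated request. A bearer token is a shared secret, so
// anything other than https is refused; nil means "log in first".
func authorizedRequest(url: URL, method: String = "GET") -> URLRequest? {
    guard url.scheme == "https", let token = TokenStore.load() else { return nil }
    var request = URLRequest(url: url)
    request.httpMethod = method
    request.setValue("Bearer \(token)", forHTTPHeaderField: "Authorization")
    return request
}

// A 401 means the server invalidated the token: drop it and re-authenticate.
func tokenStillValid(after response: HTTPURLResponse) -> Bool {
    if response.statusCode == 401 { TokenStore.clear(); return false }
    return true
}
```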
