需要使用iOS SDK在我的服务器上使用JSON对用户进行身份验证 [英] Need to authenticate a user using JSON on my server with iOS SDK

问题描述

我现在只在iOS应用程序上工作了几个星期，所以请耐心等待。我希望我的应用程序的第一个屏幕是使用电子邮件地址和密码登录。我设置了视图但是我不确定存储身份验证的最佳方法是什么。

I've only been working on an iOS app now for a couple weeks so bear with me. I want my app's first screen to be a login with email address and password. I got the view set up however I'm just not sure what's the best way to store the authentication.

身份验证本身将在服务器端处理。当用户输入他们的电子邮件和密码时，它将运行连接到我的服务器，如果失败则返回JSON。如果成功，我将返回我需要的任何东西。

The authentication itself will be handled server side. When the user enters their email and password, it will run connect to my server and return JSON if it failed or not. If it is successful I will return whatever I need.

问题是，我应该存储哪些信息以及在哪里存储它？我应该将他们的用户ID和密码存储为md5字符串吗？然后，每次我打电话给服务器，我都可以传递他们的用户ID和md5字符串，以验证他们是否有权访问。这有意义吗？

The question is, what information should I store and where do I store it? Should I store their user id and their password as a md5 string? Then every time I make a call to the server I can pass their user id and md5 string to verify if they have access. Does that make sense to do?

推荐答案

是的，您应该将凭证存储在设备上。这样，当会话在服务器上到期时，可以立即重新验证用户。 （请记住，这不如强制用户每次登录都安全，因为如果用户丢失了手机，任何找到它的人都可以访问他的帐户。）

Yes, you should store the credentials on the device. That way, when the session expires on the server, the user can be immediately re-authenticated. (Keep in mind, this is less secure than forcing the user to log in each time, because if the user looses his phone, anyone who finds it could have access to his account.)

只需将电子邮件地址和密码存储在SQLite表，plist，文本文件或任何您想要的内容中。尽管没有其他应用程序可以访问您存储的文件，但最好加密密码。

Just store the email address and password in an SQLite table, a plist, a text file, or whatever you want. It's probably best to encrypt the password, even though no other applications will be able to access the file you store it in.

编辑：

顺便说一句，您不一定要在每次请求时将凭据传递给服务器。我不知道你在服务器端使用了什么，但是你可以将它设置为使用会话，因此用户在重新进行身份验证之前会保持一段时间。以下是我用来发送凭据的一些代码：

Btw, you don't necessarily have to pass the credentials to the server with every request. I don't know what you are using on the server side, but you can set it up to use sessions, so they user will stay longed in for a while before having to re-authenticate. Here is some code I have used to send credentials:

NSURLConnection *connection;
NSString *url = [NSString stringWithFormat:@"http://example.com/service/authenticate.ashx"];
NSString *username = [self.usernameField.text stringByAddingPercentEscapesUsingEncoding:NSUTF8StringEncoding];
NSString *password = [self.passwordField.text stringByAddingPercentEscapesUsingEncoding:NSUTF8StringEncoding];
NSMutableString* requestURL = [[NSMutableString alloc] initWithString:url];
NSMutableURLRequest *request = [[NSMutableURLRequest alloc] initWithURL: [NSURL URLWithString: [NSString stringWithString:requestURL]]];
[request setHTTPMethod: @"POST"];
[request setValue:@"application/x-www-form-urlencoded" forHTTPHeaderField:@"content-type"];
[request setHTTPBody:[[NSString stringWithFormat:@"username=%@&password=%@", username, password] dataUsingEncoding:NSUTF8StringEncoding]];
connection = [[NSURLConnection alloc] initWithRequest:request delegate:self];

NSURLConnection对象将管理cookie并保持用户登录，因此您可以使用它来保持在会话到期之前向服务器发送请求。

That NSURLConnection object will manage the cookie and keep the user logged in, so you can use it to keep sending requests to the server until the session expires.

这篇关于需要使用iOS SDK在我的服务器上使用JSON对用户进行身份验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！