问题描述
我现在只在 iOS 应用上工作了几个星期,所以请耐心等待.我希望我的应用程序的第一个屏幕是使用电子邮件地址和密码登录.我设置了视图,但是我不确定存储身份验证的最佳方式是什么.
I've only been working on an iOS app now for a couple weeks so bear with me. I want my app's first screen to be a login with email address and password. I got the view set up however I'm just not sure what's the best way to store the authentication.
身份验证本身将在服务器端处理.当用户输入他们的电子邮件和密码时,它将运行连接到我的服务器并在失败与否时返回 JSON.如果成功,我会返回我需要的任何东西.
The authentication itself will be handled server side. When the user enters their email and password, it will run connect to my server and return JSON if it failed or not. If it is successful I will return whatever I need.
问题是,我应该存储哪些信息以及存储在哪里?我应该将他们的用户 ID 和密码存储为 md5 字符串吗?然后每次我调用服务器时,我都可以传递他们的用户 ID 和 md5 字符串来验证他们是否有访问权限.这样做有意义吗?
The question is, what information should I store and where do I store it? Should I store their user id and their password as a md5 string? Then every time I make a call to the server I can pass their user id and md5 string to verify if they have access. Does that make sense to do?
推荐答案
是的,您应该将凭据存储在设备上.这样,当服务器上的会话过期时,可以立即重新验证用户.(请记住,这比每次都强制用户登录更不安全,因为如果用户丢失了手机,任何找到手机的人都可以访问他的帐户.)
Yes, you should store the credentials on the device. That way, when the session expires on the server, the user can be immediately re-authenticated. (Keep in mind, this is less secure than forcing the user to log in each time, because if the user looses his phone, anyone who finds it could have access to his account.)
只需将电子邮件地址和密码存储在 SQLite 表、plist、文本文件或您想要的任何内容中.最好对密码进行加密,即使没有其他应用程序能够访问您存储密码的文件.
Just store the email address and password in an SQLite table, a plist, a text file, or whatever you want. It's probably best to encrypt the password, even though no other applications will be able to access the file you store it in.
顺便说一句,您不必在每次请求时都将凭据传递给服务器.我不知道您在服务器端使用什么,但您可以将其设置为使用会话,因此他们的用户将在必须重新验证之前停留一段时间.这是我用来发送凭据的一些代码:
Btw, you don't necessarily have to pass the credentials to the server with every request. I don't know what you are using on the server side, but you can set it up to use sessions, so they user will stay longed in for a while before having to re-authenticate. Here is some code I have used to send credentials:
NSURLConnection *connection;
NSString *url = [NSString stringWithFormat:@"http://example.com/service/authenticate.ashx"];
NSString *username = [self.usernameField.text stringByAddingPercentEscapesUsingEncoding:NSUTF8StringEncoding];
NSString *password = [self.passwordField.text stringByAddingPercentEscapesUsingEncoding:NSUTF8StringEncoding];
NSMutableString* requestURL = [[NSMutableString alloc] initWithString:url];
NSMutableURLRequest *request = [[NSMutableURLRequest alloc] initWithURL: [NSURL URLWithString: [NSString stringWithString:requestURL]]];
[request setHTTPMethod: @"POST"];
[request setValue:@"application/x-www-form-urlencoded" forHTTPHeaderField:@"content-type"];
[request setHTTPBody:[[NSString stringWithFormat:@"username=%@&password=%@", username, password] dataUsingEncoding:NSUTF8StringEncoding]];
connection = [[NSURLConnection alloc] initWithRequest:request delegate:self];
该 NSURLConnection 对象将管理 cookie 并保持用户登录,因此您可以使用它继续向服务器发送请求,直到会话过期.
That NSURLConnection object will manage the cookie and keep the user logged in, so you can use it to keep sending requests to the server until the session expires.
这篇关于需要通过 iOS SDK 在我的服务器上使用 JSON 对用户进行身份验证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持跟版网!