views:

522

answers:

3

I wanted to know, the best methodology (with code sample please) of having a login feature on an iPhone application, that would connect to a server. I am assuming web service sending via SOAP isn't the safest.

Thanks guys

+1  A: 

What are you trying to protect? A good start is to use HTTPS to transfer login information to the web service. You'll still need to secure the web service, but at least the users will be secure against snooping and man-in-the-middle attacks.

Mark Bessey
+4  A: 

With NSURLRequest / NSMutableURLRequest you can set up authentication using any method you like... here's an HTTP Basic example for getting some XML result.

  NSMutableURLRequest * request = [NSMutableURLRequest requestWithURL:url];
  [request setHTTPMethod:@"GET"]; // or POST or whatever
  [request setValue:@"application/xml" forHTTPHeaderField:@"Accept"];
  NSString * userID = @"hello";
  NSString * password = @"world";
  NSString * authStr = [[[NSString stringWithFormat:@"%@:%@", userID, password] dataUsingEncoding:NSUTF8StringEncoding] base64Encoding];
  [request setValue:[NSString stringWithFormat: @"Basic %@", authStr] forHTTPHeaderField:@"Authorization"];

You'll need to read up on HTTP authentication techniques to know what to do to talk to your specific server, but there's nothing wrong with using HTTPS (SSL) + Basic, it's secure.

sbwoodside
A: 

How can you tell if this worked ? Is there some boolean response you can get somehow -- because NSMutableRequest doesn't seem to have one.

Sikosis