iPhone App: Making a webpage accessible only to people using a specific app.

Question

Hi all!

I was just wondering if it is possible and if so what the best way to create a web-page that is only accessible from a custom iPhone application? For example, if you tried to access the webpage from the iPhone's built in browser, or any other browser it would display an error page but when accessed from a custom built application it would be fully functional.

One idea that has come up is to change the User-Agent string in the embedded browser inside the application to something custom. I'm not sure if this is viable though.

I hope this makes sense.

Thanks in advance.

-Ben

Answer 1

Any and all request headers can and will be spoofed. Authentication is the only plausible solution.

Answer 2

Changing the User-Agent string is a good method. I haven't tried it personally, but you should be able to alter the NSURLRequest object and change the user-agent before the request is made.

You could also use other custom data in the HTTP request to allow/block visits. You could add a query string to the URL or include some unique POST data.

Note this isn't a real security measure as anyone could fake any part of the HTTP request to gain access. Someone could easily read the HTTP traffic generated from your app and use that to figure out how to access the site with any browser.