Hi,
I have my iPhone app that calls an ASP.NET Webservice to download "data". Most of this needs to be protected, but currently the webservice that's deployed can be called by anyone who can figure out its URL, thus resulting in a complete loss of security.
The simplest form that I can think of would be for the phone to make a call over HTTPS including the username, password that the user logs in with, with every web service all. And each method will check to see if these credentials are correct before sending data to the user.
But this will result in an additional database call for every request to check if the user is authenticated, which is not very efficient.
So how does one normally go about doing this?
Thanks,
Teja.