How to manage acc in iOS app?

Question

I have a News Webserver where registered user can get RSS News. I want to build an iOS application use to get News from my webserver but i don't know how to manage acc in iOS application. How can i save logined user on iDevice ( store on .plis file, Core Data ....???, store real usr/pass or store encode user/pass), how can i verify stored user/pass with my Webserver? Anybody can help me :(

PS:

My current way:

In my iOS app:

  + User input usr+pass.


  + usr+pass send to webserver. If usr+pass is valid, webserver return token string(is encode string of usr+pass).


  + If webserver return token string, store token string into .plit file, else do notthing.

When user press "Get News"/

  + iOS send token string to webserver to verify. If valid return News of this usr acc, else return null.

How can i improved my current way to enhance security?

Answer 1

What you want to do is store your user's username in the applications preferences. See NSUserDefaults. You aren't allowed to store the user's password as plain text. What you should do instead is store it in the Keychain. See this guide for more information: Keychain Services Tasks for iOS.