How to store non-standard web authentication?
-
14-11-2019 - |
Pergunta
In the web API my app communicates with, the authentication process is designed in the following way:
- The user enters the name of the
group
that he/she belongs to. - The server sends the list of group members.
- The user chooses a
user name
and types apassword
. - My app sends a hash constructed of the
group id
,user id
andpassword
to the server to validate the credentials and in case of successful validation uses this hash in further transactions.
Having this process, I do not get standard NSURLConnection
messages like connection:canAuthenticateAgainstProtectionSpace:
or connection:didReceiveAuthenticationChallenge:
.
I can deal with it per se, but when it comes to securely storing the credentials, I get confused. Is there a way to do this via some built-in iOS SDK methods or I have to write the hash in a file manually, for example? What's the proper way?
Solução
The keychain seems the best option to store the user's credentials/hash. Check out http://developer.apple.com/library/mac/#documentation/Security/Conceptual/keychainServConcepts/iPhoneTasks/iPhoneTasks.html
- Be aware that while the keychain is probably the safest place in iOS to store this kind of data, it isn't entirely secure. But considering the data you want to store, it's probably well enough.
Edit: Look at http://overhrd.com/?p=208 You'd be able to access the data on your keychain with simple calls of this nature:
[Keychain setString:@"hashhashhash" forKey:@"userHash"];
// later on…
[Keychain getStringForKey:@"userHash"];