問題描述

我現(xiàn)在只在 iOS 應(yīng)用上工作了幾個星期，所以請耐心等待.我希望我的應(yīng)用程序的第一個屏幕是使用電子郵件地址和密碼登錄.我設(shè)置了視圖，但是我不確定存儲身份驗(yàn)證的最佳方式是什么.

I've only been working on an iOS app now for a couple weeks so bear with me. I want my app's first screen to be a login with email address and password. I got the view set up however I'm just not sure what's the best way to store the authentication.

身份驗(yàn)證本身將在服務(wù)器端處理.當(dāng)用戶輸入他們的電子郵件和密碼時，它將運(yùn)行連接到我的服務(wù)器并在失敗與否時返回 JSON.如果成功，我會返回我需要的任何東西.

The authentication itself will be handled server side. When the user enters their email and password, it will run connect to my server and return JSON if it failed or not. If it is successful I will return whatever I need.

問題是，我應(yīng)該存儲哪些信息以及存儲在哪里?我應(yīng)該將他們的用戶 ID 和密碼存儲為 md5 字符串嗎?然后每次我調(diào)用服務(wù)器時，我都可以傳遞他們的用戶 ID 和 md5 字符串來驗(yàn)證他們是否有訪問權(quán)限.這樣做有意義嗎?

The question is, what information should I store and where do I store it? Should I store their user id and their password as a md5 string? Then every time I make a call to the server I can pass their user id and md5 string to verify if they have access. Does that make sense to do?

推薦答案

是的，您應(yīng)該將憑據(jù)存儲在設(shè)備上.這樣，當(dāng)服務(wù)器上的會話過期時，可以立即重新驗(yàn)證用戶.(請記住，這比每次都強(qiáng)制用戶登錄更不安全，因?yàn)槿绻脩魜G失了手機(jī)，任何找到手機(jī)的人都可以訪問他的帳戶.)

Yes, you should store the credentials on the device. That way, when the session expires on the server, the user can be immediately re-authenticated. (Keep in mind, this is less secure than forcing the user to log in each time, because if the user looses his phone, anyone who finds it could have access to his account.)

只需將電子郵件地址和密碼存儲在 SQLite 表、plist、文本文件或您想要的任何內(nèi)容中.最好對密碼進(jìn)行加密，即使沒有其他應(yīng)用程序能夠訪問您存儲密碼的文件.

Just store the email address and password in an SQLite table, a plist, a text file, or whatever you want. It's probably best to encrypt the password, even though no other applications will be able to access the file you store it in.

順便說一句，您不必在每次請求時都將憑據(jù)傳遞給服務(wù)器.我不知道您在服務(wù)器端使用什么，但您可以將其設(shè)置為使用會話，因此他們的用戶將在必須重新驗(yàn)證之前停留一段時間.這是我用來發(fā)送憑據(jù)的一些代碼:

Btw, you don't necessarily have to pass the credentials to the server with every request. I don't know what you are using on the server side, but you can set it up to use sessions, so they user will stay longed in for a while before having to re-authenticate. Here is some code I have used to send credentials:

NSURLConnection *connection;
NSString *url = [NSString stringWithFormat:@"http://example.com/service/authenticate.ashx"];
NSString *username = [self.usernameField.text stringByAddingPercentEscapesUsingEncoding:NSUTF8StringEncoding];
NSString *password = [self.passwordField.text stringByAddingPercentEscapesUsingEncoding:NSUTF8StringEncoding];
NSMutableString* requestURL = [[NSMutableString alloc] initWithString:url];
NSMutableURLRequest *request = [[NSMutableURLRequest alloc] initWithURL: [NSURL URLWithString: [NSString stringWithString:requestURL]]];
[request setHTTPMethod: @"POST"];
[request setValue:@"application/x-www-form-urlencoded" forHTTPHeaderField:@"content-type"];
[request setHTTPBody:[[NSString stringWithFormat:@"username=%@&password=%@", username, password] dataUsingEncoding:NSUTF8StringEncoding]];
connection = [[NSURLConnection alloc] initWithRequest:request delegate:self];

該 NSURLConnection 對象將管理 cookie 并保持用戶登錄，因此您可以使用它繼續(xù)向服務(wù)器發(fā)送請求，直到會話過期.

That NSURLConnection object will manage the cookie and keep the user logged in, so you can use it to keep sending requests to the server until the session expires.

這篇關(guān)于需要通過 iOS SDK 在我的服務(wù)器上使用 JSON 對用戶進(jìn)行身份驗(yàn)證的文章就介紹到這了，希望我們推薦的答案對大家有所幫助，也希望大家多多支持html5模板網(wǎng)！