
Is there a solution for this authorization problem?

I am developing a free mobile app that accesses a Web Service and downloads some content from it regularly.

I don't want to force users to create an account to use this Web Service and it should be available to all users of this mobile app.

However I don't want third-parties to be able to access that Web Service and reuse the data it provides. In other words, only the mobile app I am writing should be able to use the service and no one else.

Is there a solution available for this problem?


I guess you could do something like this:

1) Your app tries a first access to the server

2) Server sends a random number/code to the app

3) App elaborates it and transforms it with your secret method (it could merge it with a secret password and make a "hash" with the result; a "hash" is a transformed coded string)

4) App sends the hash [EDIT: (and the original random number/code it got from the server) <- NO, it would be better not to send the original and the coded string together: if intercepted it could be enough for everyone to send it again to enter the service... better to keep the original string on server somewhere with an id waiting for the hash from your app END EDIT] to the server again

5) Server uses the same secret method to "hash" the original number (merges it with a secret password and makes a "hash" with the result) and checks if it's equal to the one it got from your app.

6) If it's equal... the server now knows that the request for your web service is from your app and approves the access to it...

In other words: just your mobile app and your server know how to transform the random number to that "hash"... there are many sample methods to get a "hash" of a string, in many languages (PHP, JavaScript...), so just search on the web...
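
The exchange in steps 1-6 above, as an added example that is not part of the original answer: the server keeps each random challenge under an id, the app returns only the id and the keyed hash, and a challenge is accepted once. It uses HMAC-SHA256 in place of the plain "merge with a password and hash" step; `SHARED_SECRET`, `CHALLENGE_TTL`, `Server` and `client_respond` are hypothetical names and values chosen for illustration.

```python
import hashlib
import hmac
import secrets
import time

# Constructed sample key; in the scheme above the same value is embedded in the app.
SHARED_SECRET = b"constructed-demo-secret"
CHALLENGE_TTL = 30  # seconds a challenge stays valid (assumed value)


def transform(secret: bytes, challenge: bytes) -> str:
    """The 'secret method' of steps 3 and 5: a keyed hash of the challenge."""
    return hmac.new(secret, challenge, hashlib.sha256).hexdigest()


class Server:
    def __init__(self, secret: bytes):
        self._secret = secret
        self._pending = {}  # challenge id -> (challenge bytes, expiry time)

    def issue_challenge(self, now=None):
        """Step 2: store the random value server-side and return it with its id."""
        now = time.time() if now is None else now
        cid = secrets.token_hex(8)
        challenge = secrets.token_bytes(32)
        self._pending[cid] = (challenge, now + CHALLENGE_TTL)
        return cid, challenge

    def verify(self, cid: str, response: str, now=None) -> bool:
        """Steps 5-6: recompute the hash and compare; each challenge works once."""
        now = time.time() if now is None else now
        entry = self._pending.pop(cid, None)  # pop: a replayed id is no longer known
        if entry is None:
            return False
        challenge, expires = entry
        if now > expires:
            return False
        expected = transform(self._secret, challenge)
        # Constant-time comparison on bytes, so odd input cannot raise TypeError.
        return hmac.compare_digest(expected.encode(), response.encode())


def client_respond(secret: bytes, challenge: bytes) -> str:
    """Steps 3-4: the app sends back only the challenge id and this hash."""
    return transform(secret, challenge)
```

Because the key ships inside the app, anyone who extracts it from the binary can compute valid responses, so this check raises the cost of third-party reuse rather than ruling it out.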


It sounds like you need a handshake to ensure the correct client is connected to the web service. Simplest way I can think of is to have a key that is hard coded/generated when installed that the server then checks on connection.

Very similar to CD Keys and modern games that check against the server for a valid key.
