How to store non-standard web authentication?
In the web API my app communicates with, the authentication process is designed in the following way:
- The user enters the name of the
group
that he/she belongs to. - The server sends the list of group members.
- The user chooses a
user name
and types apassword
. - My app sends a hash constructed of the
group id
,user id
andpassword
to the server to validate the credentials and in case of successful validation uses this hash in further transac开发者_如何学Gotions.
Having this process, I do not get standard NSURLConnection
messages like connection:canAuthenticateAgainstProtectionSpace:
or connection:didReceiveAuthenticationChallenge:
.
The keychain seems the best option to store the user's credentials/hash. Check out http://developer.apple.com/library/mac/#documentation/Security/Conceptual/keychainServConcepts/iPhoneTasks/iPhoneTasks.html
And https://github.com/ldandersen/scifihifi-iphone/tree/05e64ff2814a8192c43f1f81eb8e09dc3764fa18/security
- Be aware that while the keychain is probably the safest place in iOS to store this kind of data, it isn't entirely secure. But considering the data you want to store, it's probably well enough.
Edit: Look at http://overhrd.com/?p=208 You'd be able to access the data on your keychain with simple calls of this nature:
[Keychain setString:@"hashhashhash" forKey:@"userHash"];
// later on…
[Keychain getStringForKey:@"userHash"];
精彩评论