A good solution for user authentication from iPhone app at a PHP server

Question

I have been trying to implement a secure user authentication for an iPhone app. I am pretty much a newbie. I saw many code snippets and suggestions for different ways, and some seemed out dated. In the present scenario, what would be a good option? JSON? ASIHTTPRequest?

Till now, I couldn't find a proper solution for this. I am finding a bit difficult to integrate different ideas and come up with a solution to suit my need. Would be great if someone could share a sample code or at least point me to a solution posted somewhere. Thanks in advance.

Tony

Answer 1

I used this to successfully authenticate a user with a remote PHP server from an iOS app. A bit late, but it may help someone:

-(void)saveNewUserDetails{
    [[NSUserDefaults standardUserDefaults] setObject:self.username.text forKey:@"userName"];
    [SSKeychain setPassword:self.pwd.text forService:@"MiniCEXReporting" account:self.username.text]; //store securely rather than in NSUserDefaults
    [[NSUserDefaults standardUserDefaults] synchronize];

}

-(void) makeConnection{
    self.activityIndicator.hidden=NO;
    [self.activityIndicator startAnimating];

    receivedData=[[NSMutableData alloc] init];

    NSString *userString=self.username.text;
    postRequest = [NSMutableURLRequest requestWithURL:[NSURL URLWithString:[NSString stringWithFormat:@"https://someURLhereWithUsernameappended/%@", userString]]];

    //for the real thing
    //postRequest = [NSMutableURLRequest requestWithURL:[NSURL URLWithString:[NSString stringWithFormat:@"https://somsis-dev.leeds.ac.uk/api/minicex/%@", self.username.text]]];

    [postRequest setHTTPMethod:@"POST"];

    NSURLConnection *connection = [[NSURLConnection alloc] initWithRequest:postRequest delegate:self];
    [connection start];    
}

- (void)connection:(NSURLConnection *)connection didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge {
    if ([challenge previousFailureCount] == 0) {
        NSLog(@"received authentication challenge");
        NSURLCredential *newCredential = [NSURLCredential credentialWithUser:self.username.text
                                                                    password:self.pwd.text
                                                                 persistence:NSURLCredentialPersistenceForSession];
        NSLog(@"credential created");
        [[challenge sender] useCredential:newCredential forAuthenticationChallenge:challenge];
        NSLog(@"responded to authentication challenge");
    }
    else {
        NSLog(@"authentication failure username -%@- with password -%@-", self.username.text, self.pwd.text);
        UIAlertView *alert = [[UIAlertView alloc] initWithTitle:@"Authentication Error"
                                                        message:@"Please check your username and password"
                                                       delegate:self
                                              cancelButtonTitle:@"Ok"
                                              otherButtonTitles:nil];
        [alert show];
        [self.activityIndicator stopAnimating];
        self.activityIndicator.hidden=YES;
    }
}

Answer 2

What kind of user authentication does your server have? You could use Basic Auth for authentication, which pretty much means sending the Authorization headers with every request.

ASIHTTPRequest has functionality enabling basic auth and even presenting a login dialog, if you're OK with using that (the project's just been discontinued).

You would obviously need to implement basic authentication on your server as well.