问题
Basically I would like to connect to the WCF windows service from android with authentication. I am an android developer. I have tinkered with the WCF Rest service from this article and also configured the https.
Now I need to think about the authentication process (to the username and password in the database) to the WCF service from android. Should I encode username and password in the url and do http post, while returning a token for authorization, for login process and use the token and username for subsequent operation(and also save encrypted username and token in a pref file to avoid logging in next time, thus avoiding password)? Any advice and pointer to any project and document is welcomed.
回答1:
There is a similar question at the programmers https://softwareengineering.stackexchange.com/questions/93005/designing-authentication-for-rest-api but I want to keep this question open since I would like to add useful code and links here.
Instead of encoding the username and password in url, they should be in the request body. The reason is that even though https encrypt the url, it is not a good practice because if the url is called from browser, the browser will remember it and username/password will be visible there in the browser history. Thus, here is an article to handle http Post http://www.codeproject.com/Tips/150313/Simple-WCF-web-service-to-receive-parameter-from-H
If https is achieved with self-signed certificate, you will need do some extra works http://blog.antoine.li/2010/10/22/android-trusting-ssl-certificates/
More article on WCF rest and android http://fszlin.dymetis.com/post/2010/05/10/Comsuming-WCF-Services-With-Android.aspx
Creating a custom token in C# http://msdn.microsoft.com/en-us/library/ms731872.aspx
来源:https://stackoverflow.com/questions/9643115/need-advice-on-authentication-for-android-client-connecting-to-the-wcf-rest-setu