Hi All
I am working an Rails 2.3.14.I am providing web services for
an iphone app thru xml.
My Rails app uses an authlogic gem for authentication.How to
authenticate a API call from an iphone app.
Initially i can able to sign up and login thru XML post
request.After login how my rails app identify me as a logged
user.Whether i need to provide any token after login and using token
for further request for an API call.I am novice in this.please suggest
me the best way to implement authentication for an iphone app.

Thanks in advance....

--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To post to this group, send email to rubyonrails-talk@googlegroups.com.
To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.

Search Discussions

  • Peter Vandenabeele at Feb 9, 2012 at 1:27 pm

    On Thu, Feb 9, 2012 at 2:19 PM, Muruga wrote:

    Hi All
    I am working an Rails 2.3.14.I am providing web services for
    an iphone app thru xml.
    My Rails app uses an authlogic gem for authentication.How to
    authenticate a API call from an iphone app.
    Initially i can able to sign up and login thru XML post
    request.After login how my rails app identify me as a logged
    user.Whether i need to provide any token after login and using token
    for further request for an API call.I am novice in this.please suggest
    me the best way to implement authentication for an iphone app.
    One typical way is to use a combination of
    * https (to authenticate the server and encrypt the channel)
    * use "Basic Authentication" through this channel

    Check e.g. curl -u/--user <user:password> as a way to test this.
    The user:password combination is sent with each request (but
    this is encrypted by using https).

    In Rails the set-up of Basic Authentication is very simple (that
    is a "good thing" less chance to make security errors)

    Of course, you need an SSL certificate for your server to do this.

    Since you say you are novice, make sure you let your solution
    validate by a person with deep security experience before putting
    it in real production.

    HTH,

    Peter


    *** Available for a new project ***

    Peter Vandenabeele
    http://twitter.com/peter_v
    http://rails.vandenabeele.com
    http://coderwall.com/peter_v

    --
    You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
    To post to this group, send email to rubyonrails-talk@googlegroups.com.
    To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com.
    For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
  • Peter at Feb 10, 2012 at 7:13 pm

    On Feb 9, 7:19 am, Muruga wrote:
    Hi All
    I am working an Rails 2.3.14.I am providing web services for
    an iphone app thru xml.
    My Rails app uses an authlogic gem for authentication.How to
    authenticate  a API call from an iphone app.
    Initially i can able to sign up and login thru  XML post
    request.After login how my rails app identify me as a logged
    user.Whether i need to provide any token after login and using token
    for further request for an API call.I am novice in this.please suggest
    me the best way to implement authentication for an iphone app.
    Have you tried just making the requests subsequent times? I haven't
    used authlogic specifically, but this works for me on my iPhone app,
    which uses old restful_authentication.

    Usually when you do the initial login the auth system stores the user
    ID in the session, and then on subsequent requests it will "log in" by
    virtue of the session having the user ID. This session is (again
    usually) persisted by a cookie being passed back and forth (the name
    of it is set in in config/initializers/session_store.rb for my rails
    2.3.x app, its the :key key of the hash sent to
    ActionController::Base.session). So as long as your iPhone app
    continues passing along this cookie with each subsequent request
    (which from my experience it does automatically), then your app will
    have the same session, which in turn has the user ID, which in turn
    logs in and authenticates that person.

    The caveat(s) here are to make sure that authlogic is doing the login
    persistence in the session (it almost has to be if you have a web
    facing app that is of any use to someone logged in), and to make sure
    that the iPhone is sending the session cookie with each request.

    \Peter

    --
    You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
    To post to this group, send email to rubyonrails-talk@googlegroups.com.
    To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com.
    For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
grouprubyonrails-talk @
categoriesrubyonrails
postedFeb 9, '12 at 1:19p
activeFeb 10, '12 at 7:13p
posts3
users3
websiterubyonrails.org
irc#RubyOnRails

People

Translate

site design / logo © 2022 Grokbase