Hi All
I am working an Rails 2.3.14.I am providing web services for
an iphone app thru xml.
My Rails app uses an authlogic gem for authentication.How to
authenticate a API call from an iphone app.
Initially i can able to sign up and login thru XML post
request.After login how my rails app identify me as a logged
user.Whether i need to provide any token after login and using token
for further request for an API call.I am novice in this.please suggest
me the best way to implement authentication for an iphone app.
Thanks in advance....
--
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en.
On Thu, Feb 9, 2012 at 2:19 PM, Muruga <murugu2012-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:> Hi All > I am working an Rails 2.3.14.I am providing web services for > an iphone app thru xml. > My Rails app uses an authlogic gem for authentication.How to > authenticate a API call from an iphone app. > Initially i can able to sign up and login thru XML post > request.After login how my rails app identify me as a logged > user.Whether i need to provide any token after login and using token > for further request for an API call.I am novice in this.please suggest > me the best way to implement authentication for an iphone app. >One typical way is to use a combination of * https (to authenticate the server and encrypt the channel) * use "Basic Authentication" through this channel Check e.g. curl -u/--user <user:password> as a way to test this. The user:password combination is sent with each request (but this is encrypted by using https). In Rails the set-up of Basic Authentication is very simple (that is a "good thing" less chance to make security errors) Of course, you need an SSL certificate for your server to do this. Since you say you are novice, make sure you let your solution validate by a person with deep security experience before putting it in real production. HTH, Peter *** Available for a new project *** Peter Vandenabeele http://twitter.com/peter_v http://rails.vandenabeele.com http://coderwall.com/peter_v -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
On Feb 9, 7:19 am, Muruga <murugu2...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:> Hi All > I am working an Rails 2.3.14.I am providing web services for > an iphone app thru xml. > My Rails app uses an authlogic gem for authentication.How to > authenticate a API call from an iphone app. > Initially i can able to sign up and login thru XML post > request.After login how my rails app identify me as a logged > user.Whether i need to provide any token after login and using token > for further request for an API call.I am novice in this.please suggest > me the best way to implement authentication for an iphone app. >Have you tried just making the requests subsequent times? I haven''t used authlogic specifically, but this works for me on my iPhone app, which uses old restful_authentication. Usually when you do the initial login the auth system stores the user ID in the session, and then on subsequent requests it will "log in" by virtue of the session having the user ID. This session is (again usually) persisted by a cookie being passed back and forth (the name of it is set in in config/initializers/session_store.rb for my rails 2.3.x app, its the :key key of the hash sent to ActionController::Base.session). So as long as your iPhone app continues passing along this cookie with each subsequent request (which from my experience it does automatically), then your app will have the same session, which in turn has the user ID, which in turn logs in and authenticates that person. The caveat(s) here are to make sure that authlogic is doing the login persistence in the session (it almost has to be if you have a web facing app that is of any use to someone logged in), and to make sure that the iPhone is sending the session cookie with each request. \Peter -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.