best way to do in android client and secure web service -
so have problem unauthorized usage of c# web service here goes
problem: have android client application , takes info c# web service.now problem don't want other people/application consume services.so want restrict usage application only.
solution(that have currently): 1.create username/password , store(encrypted form) in android client application. 2.my android application send decrypted username/password web service. 3.since username/password decrypted while journey web service not safe since people can view information.so plan setup https connection secure data. 4.when username/password reaches web service performs necessary actions.
i not sure if right approach please share views , sorry if question not relevant site desperately need help in topic.
if https option, utilize that, , have app authenticate basic authentication. since basic auth on https encrypted, you're safe there -- , what's improve yet, web-server deed door-man, never hitting app server.
if http can do, consider simple challenge-response protocol: ping server , receive access token. token modified , encrypted client, , new token generated client sends along each request. since client , server know algorithm response, server can verify whether consumer authorized access service.
android service web https
No comments:
Post a Comment