2

I have an android application in which i need to implement a login activity so that when a user uses the application only those who have a valid Login Id and password are able to access the application. I'm having all the user details including there login credentials on SQL Server. To access it I'm using Restful Webservices. Also what i am thinking is that to validate the user on server only and then return TRUE or FALSE depending upon the result and depending on the result the user will get the access.

can anyone help me out as i'm not able to accomplish this whole thing.

Rahul Sharma
  • 3,637
  • 2
  • 20
  • 18
  • You should also think about encrypting or hashing passwords securely. Hers's a link to a good article http://www.troyhunt.com/2011/06/owasp-top-10-for-net-developers-part-7.html – John J Smith Jul 15 '11 at 09:35

2 Answers2

2

1- There are several things you must consider. Some servers simply can't handle ReST. So be sure you can use it.

2- User name and password must be over SSL and not through HTTP. So take care of that.

3- When you use SSL, certificates are a problem as you will be having self-signed certificates in your app. This will throw exceptions. So either disable certificate checking and risk your server or use create a fake cetificate maager in your device and call it everytime you connect(this is also risky) or create a new certificate as given in this link http://blog.antoine.li/index.php/2010/10/android-trusting-ssl-certificates/

4- Use these links to check that your certificates are in order and consume the web-service.

http://vipsaran.webs.com/TestTrusted.java

http://blog.synyx.de/2010/06/android-and-self-signed-ssl-certificates/

Apache HttpClient on Android producing CertPathValidatorException (IssuerName != SubjectName)

http://groups.google.com/group/android-developers/browse_thread/thread/62d856cdcfa9f16e/dd59b1998d23a660?lnk=gst&q=SSL+fake+cert#dd59b1998d23a660

Any problem, post further questions. It can be solved since you are using ReST.

[The links may have codes that aren't working. So they are only for the sake of reference]

Community
  • 1
  • 1
Andrew Anderson
  • 457
  • 4
  • 14
1

hmm ... REST webservice can be invoked by just making http (get or post method) requests. Go through this link ... https://sites.google.com/site/androidosbeginning/cosuming-restful-webservice-in-android it might help you..

success_anil
  • 3,659
  • 3
  • 27
  • 31