如何从iOS应用验证HTTP请求?
[英]How to authenticate http requests from an iOS app?
问题描述
I have an iOS app that communicates over https with a server. 
我有一个iOS应用程序,可通过https与服务器进行通信。
Is it possible to authenticate the app, so that the server will only respond to requests from that app? 是否可以对应用程序进行身份验证,以便服务器仅响应来自该应用程序的请求? In other words, it won't respond to http requests from a browser/curl/another app/etc? 换句话说,它不会响应来自浏览器/ curl /另一个应用程序/ etc的http请求吗?
I'm not interested in authenticating the user- just being sure that only my app can communicate with the server. 我对验证用户身份不感兴趣-仅确保只有我的应用程序可以与服务器通信。
What I've considered: 我考虑过的:
-Shared secret on server and app. -服务器和应用程序上的共享机密。 But anyone can look inside the app bundle to extract the secret. 但是任何人都可以查看应用程序捆绑以提取秘密。
-Using push notifications. -使用推送通知。 App contacts server, and tells server its push notification token. 应用与服务器联系,并告知服务器其推送通知令牌。 Server sends a push notification which reaches app. 服务器发送到达应用程序的推送通知。 Nothing else can receive the notification, so embed a shared secret in it, which the app can use from then on. 其他任何人都无法接收该通知,因此将共享秘密嵌入其中,该应用可从那时开始使用该秘密。 But push notifications can be delivered late, or not at all. 但是推送通知可以延迟发送,或者根本不发送。 And many users don't want to enable them. 许多用户不想启用它们。
Obviously Apple authenticates devices so it knows where to send push notifications. 显然,Apple对设备进行了身份验证,因此它知道将推送通知发送到哪里。 But is there any way of hooking into this? 但是,有什么办法可以吸引到这个吗?
1 个解决方案
解决方案1
1 2012-03-30 23:39:40
Have you thought about using MAC address of your ios device? 您是否考虑过使用ios设备的MAC地址? I use this in an app that logs on a server that needs to identify a device as a terminal and uses that to create a session for that terminal. 我在登录服务器的应用程序中使用此服务器,该服务器需要将设备标识为终端,并使用该应用程序为该终端创建会话。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.