
Authentication for Android app connecting to a WCF service (on-prem environment)

I'm developing an Android app working with a WCF service (through HTTPS). Everything is hosted locally and the app cannot be used on an external network. For authentication, I implemented my own authentication system using internal username-password pairs, which is not highly secure.

I'd like my WCF service to be able to authenticate the Android client app using AD accounts, ideally based on a token. What do you recommend for the WCF service and the Android application? I'm not expecting full code, but some directions for both server-side (WCF) and client-side (Android app).

Thank you in advance for your suggestions.

PS: Looks like the introductions "Hi, good morning..." are automatically removed...

I recommend you use a "Client Certificate" to authenticate.

Basically, your Android app needs to have a "Client Certificate" generated by a Certificate Authority - there should be one in your company if you have AD.

You may like this solution because you can use IIS Client Certificate Mapping - it maps your Client Certificate to your AD account.

Disadvantages? You need to provide the "client certificate" to your phone.

This can be achieved:

  • by the device management system - e.g. "Android for Work"
  • by mail :)

It's not easy - but certainly safer than custom user/pass.

Android and Client Certificates https://blogs.msdn.microsoft.com/asiatech/2016/08/22/how-to-create-an-iis-website-that-requires-client-certificate-using-self-signed-certificates/
