stackoom
  简体   繁体   中英

Authentication on Sencha Touch and remote Server

 原文  2012-09-12 08:33:59       javascript/ .net/ authentication/ sencha-touch-2

Question

I would like to have your feedback regarding Authentication mechanism for an Application using PhoneGap and Sencha Touch and a Server in .NET with Active Directory.

So we need to store User credentials on the Mobile Device so a User does not have to re-enter Login and Psw, every time he wish to use the application.

01 - IDEA - Cookies

For my understanding Sencha Touch does not have directly any libraries for managing Cookies. In order to use cookies I should install "Sencha Ext Js" the base library for Sencha and using Ext.util.Cookies class. This library it should not be free.

I'm afraid to still have problem with CROS domains regarding working with cookies and IOS security issue.

Also Phonegap does not provide any cookie abstraction, as there are plenty of other tools to do that already (Phonegap just wraps up smartphone functionality, not basic browser functionality). I could use potenticalyy jQuery, and maybe try jquery-cookie plugin.

02 - IDEA - HTML5 Local Storage

Sencha Touch offer an API for HTML5 Local Storage, so instead to write a cookie, I could save the credential in the Local Storage. Local data should be kept by the browser for an undefined ammount if time even if the device is turned off. When a user click the app, I can take the Local Data and sending to the server, the server will authenticate the user.

Despite of the mechanism I have an issue with security. A) - Istore the UserName and Pasword as plain text, in a Cookie or in Local Storage and forward to the server. no encryption is involved, the authenication should work. Cons: It is very easy to read the Cookies and the Local Storage so it is not the state of art for security.

B) - I store the UserName as plain text and instead for the Pasword I store a "Forms authentication tickets" in a Cookie or in Local Storage and forward to the server. Ecryption on the server is involved for the "Forms authentication tickets". PRO: High security, CONS: Take time to develope it. NOTE: Security, the Tickets are encrypted using configuration element of the server's Machine.config file.

My question:

  • Do you have any experience on of of this scenario?
  • Do you have a better approach?

1 answers

solution1
 3 ACCPTED  2012-09-12 20:41:06

Some days ago I have posted Simple Login project to github , you may found it helpful. It works in Webkit browser & on iPhone. Android was not tested.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Mobile App Authentication/Sencha Touch Sencha Touch inject Basic Authentication into all requests How to get the server JSON response in Sencha Touch? Getting response from a server in sencha touch Sencha Touch ScriptTagProxy only works on localhost and not pulling a remote source? Sencha touch 2 azure how to add header authentication to invokeApi? Cross-domain Update from Sencha Touch 2 to external server Sencha Touch : How to implement xForms with Sencha Touch? AngularJS authentication from remote server Sencha Touch list and scrollToRecord
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM