Application login

Hi,

I am building a mobile application in which the users first need to log in, and can then perform several operations against dedicated web services.

We hold an offline table in SQL Mobile with the users that can log in to the application.

Now, considering that the user has successfully logged in (checked against the offline table), how do I check in the web service that the requester of the method is a legitimate user?

Should I send the user+password on each call to the web service?

What is the best practice for working with web services where I want only authenticated users to use them?

I read a while ago that I can log in once (using a login method in the web service), get a token and use it in the next calls. This is not a good situation for me, as calls to the web service can be queued while the user is offline, and the token might expire.

Any ideas are appreciated.




  • dustinto

    You'd need to maintain username and password information on the server hosting the web service, and then validate the incoming request -- your user logs into your mobile device application, and the application then uses those credentials to log in to the web service.
  • fawltster

    This is obvious.

    But what happens for the next calls to the web services for fetching and updating data?

    Should I submit the user+pass again for each call, or maybe there is another solution?


  • davros51

    I believe the web service model is intended to be a single, complete call. If credentials are involved, and your service is exposed to the public web, or any insecure/mixed security environment, then you probably ought to be validating credentials every time the service is called, or, if you've got a high load against the service, perhaps generating a serialized token on the first call that can be passed back to the system that is recognized as valid for a certain period of time, emulating a session-like behavior.
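
The time-limited token suggested in the last reply, applied to the queued-call case from the question, as an added example that is not code from any poster in this thread. All function names, the 15-minute lifetime and the sample user are assumptions, and `check_token` stands in for the check the web service would run on every call.

```python
import hashlib, hmac, os, time
SERVER_KEY = os.urandom(32)   # server-side secret; never leaves the server
TOKEN_LIFETIME = 15 * 60      # seconds (assumed value)

def _pw_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample user table: username -> (salt, salted password hash)
_SALT = os.urandom(16)
USERS = {"alice": (_SALT, _pw_hash("correct horse", _SALT))}

def _sign(payload):
    return hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()

def login(username, password, now=None):
    """Server: check credentials once, return a signed expiring token or None."""
    now = time.time() if now is None else now
    salt, stored = USERS.get(username, (b"\0" * 16, b""))
    if not hmac.compare_digest(_pw_hash(password, salt), stored):
        return None
    payload = f"{username}|{int(now) + TOKEN_LIFETIME}"
    return f"{payload}|{_sign(payload)}"

def check_token(token, now=None):
    """Server: return ('ok' | 'expired' | 'invalid', username or None)."""
    now = time.time() if now is None else now
    try:
        payload, sig = token.rsplit("|", 1)
        username, expires = payload.rsplit("|", 1)
        expires = int(expires)
        expected, given = _sign(payload).encode(), sig.encode()
    except (AttributeError, ValueError):
        return "invalid", None
    if not hmac.compare_digest(expected, given):   # constant-time MAC check
        return "invalid", None
    if now >= expires:
        return "expired", None   # genuine token, too old: client must log in again
    return "ok", username

def flush_queue(queued_calls, token, relogin, now=None):
    """Client: replay calls queued offline; re-login once if the token expired."""
    results = []
    for call in queued_calls:
        status, user = check_token(token, now)      # stands in for the HTTP call
        if status == "expired":
            token = relogin()                       # fresh token from login()
            status, user = check_token(token, now)
        results.append((call, status, user))
    return results
```

Because the server reports an expired token separately from a forged one, the client can keep the queued calls, ask for a new token, and resend them instead of dropping them.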