#1 2016-08-20 18:55:51

Kasito
Banned
Registered: 2016-08-05
Posts: 58

How to authenticate my application's users

Is it possible to make a user login screen to authenticate membership? I'm learning how to build a Cordova app.

It will use a remote database, certainly, to be able to manage users at my end. But the access material will be local (in the app). My challenge is how to redirect users to a local file after a remote server-side login.

I thought of iframing a remote login, but redirection is the issue.

Any help and examples will be useful.

Thanks


#2 2016-08-20 19:07:51

David
Admin
From: Alcobendas, Madrid, Spain
Registered: 2015-04-21
Posts: 1,657

Re: How to authenticate my application's users

Hello Kasito,

I'm not sure what you mean by "redirect users to a local file"... what kind of file are we talking about? Maybe you can use the "OpenWindow" action, or maybe we need something more, like Cordova's File Opener plugin...

#3 2016-08-24 20:09:21

Kasito
Banned
Registered: 2016-08-05
Posts: 58

Re: How to authenticate my application's users

OK. To make my question easier: I want to make an app that has a login screen like the Facebook app, and it should authenticate users and give them access to the next page. But of course, the login system will have to interact with MySQL or any DB to retrieve and post data on my server.

Clarification on this will really help.


#4 2016-08-24 20:39:29

David
Admin
From: Alcobendas, Madrid, Spain
Registered: 2015-04-21
Posts: 1,657

Re: How to authenticate my application's users

Hello Kasito,

Since we are talking about client side applications, it's not a good idea to think of something like "give the user access to this page or not". Yes, we have methods to do that: for example, we can use the app's ChangeView event, or just test at the view's Show event whether the user is "authenticated" or not. In fact, an advanced user can enter an app's view by changing the appropriate JavaScript, for example. So, if what you want to protect is already in the client... then you need to think about that.

Of course the above statement is true in general, because, in some scenarios, client side applications can also apply certain security measures. For example, I am thinking of an HTML5 application running on a kiosk computer: in this kind of scenario, since the user of the application can't access the application source, then yes, we can implement something like "you can only view this view if you enter the appropriate password in this Input control".

Talking about a client side plus a server side application (which is your case if I am not wrong), the security must be implemented in some way similar to this:

1º The client side app (your app) asks the user for a login and a password.

2º The app makes an HTTP call (best if it uses HTTPS) to the server in order to check the login.

3º Depending on the check result, the server sends one response or another.

4º Depending on the server response, the application does one thing or another.

For example, supposing you are making an application which saves user notes. Of course you don't want to show the notes of one user to another user, or show the notes of a user if they are not properly authenticated first.

1º Our application's login view asks the user for a login and a password.

2º Our application makes an HTTP call to the server including the login and password to be checked.

3º If the server says "this user is OK", we change to the appropriate view, in which we show the user's notes.

4º If the server says "this user is not OK", we simply don't change the view, and never show any user's notes, of course.

Things must work in a way similar to the one described. There is not just one way to send the login and password to our server (the only recommendation can be to use the HTTPS protocol instead of HTTP); for example, we can encode it in "Base64" or get an "MD5" hash, and then send it to the server.

Since our app's HTTP calls can contain any data, we can probably always include the user login and password in those calls; then we can assert that non-registered users never reach any data from the server if they are not authenticated before. My recommendation is that you try the concepts explained above. If you have any further questions, please don't hesitate to post them here, Kasito.

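The four-step flow from post #4, sketched as an added example that is not part of the original thread: the server decides what data a caller receives, so forcing the notes view in the client JavaScript yields nothing. Assumptions: Node.js on the server, in-memory maps standing in for the MySQL database, hypothetical function names, a salted scrypt hash stored server-side, and a random session token used in place of resending the password on every call.

```javascript
const nodeCrypto = require("crypto");

// Constructed sample data standing in for the remote database (assumption).
const users = new Map();    // login -> { salt, hash }
const notes = new Map();    // login -> array of notes
const sessions = new Map(); // token -> login

function hashPassword(password, salt) {
  return nodeCrypto.scryptSync(password, salt, 32); // salted, slow hash kept server-side
}

function register(login, password, userNotes) {
  const salt = nodeCrypto.randomBytes(16);
  users.set(login, { salt, hash: hashPassword(password, salt) });
  notes.set(login, userNotes);
}

// Steps 2-3: the server checks the login and sends one response or another.
function serverLogin(login, password) {
  const user = users.get(login);
  // Hash even for unknown logins so both failure paths take similar time.
  const salt = user ? user.salt : Buffer.alloc(16);
  const candidate = hashPassword(String(password), salt);
  if (!user || !nodeCrypto.timingSafeEqual(candidate, user.hash)) {
    return { ok: false };
  }
  const token = nodeCrypto.randomBytes(32).toString("hex");
  sessions.set(token, login);
  return { ok: true, token };
}

// Every data request is checked on the server; the notes returned are chosen
// by the session's owner, never by a login name the client supplies.
function serverGetNotes(token) {
  const login = sessions.get(token);
  if (!login) return { status: 401, notes: [] };
  return { status: 200, notes: notes.get(login) };
}

// Step 4: the client picks a view from the server's answer.
function clientLogin(login, password) {
  const res = serverLogin(login, password);
  return res.ok ? { view: "Notes", token: res.token } : { view: "Login", token: null };
}

register("alice", "correct horse", ["buy milk"]);
register("bob", "hunter2", ["call mum"]);
```

In a real deployment the two `server*` functions sit behind HTTPS endpoints and the Cordova app calls them over the network; they are plain functions here so the flow runs offline.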



Copyright ©2018 DecSoft. All rights reserved.