I'm trying to make an application that needs authentication :- when user type username and pw in the text boxes it should check with the DB in the server and authenticate.
how can i do this in the android?
can please any one help me??
thank you,
If you are a web developer you can do this authentication very easily. You can follow the following steps,
First, get the username and password from the user and put in the variables.
Create the HTTP connection to the web server (Your data posting URL).
Post the data to the URL with specified data using HTTP Get or Post method(Post is preferable for authentication)
Get the posted value using server side script and do the authentication.
send the response status to the client by using JSON encoding or some other format whether the authentication is succeeded of failure.
Get the response in android and create the InputStream and decode the JSON or some specified encoding format which you done in the server side and shown the response in mobile.
Thats it.
Related
I want to parse the web service in Android/iOS, Which is
written in SAP, but not able to do that. Can I do this ? and How?
When I hit the request on browser I get this popup and after entering the valid details here then only i get the JSON response, But how to get this done in mobile development?
Thank you..
Add Authorization header to your request
Authorization: Basic <Base64of Username:Password>
For quick check, you can generate auth header here
You can try using PostMan chrome plugin to generate request and play with different set of input data.
I'm creating a android app which requires login and the authentication will be done against a node server.
HttpURLConnection is used with the POST and I'm using HTTPS. But my question is, since username and password are sent to the server as url parameters, do I need to add more security measures; like encrypting those two parameters(Using Base64)?
I've tried to use Authenticator.setDefault(new Authenticator(){}) but I'm not user implementing that only would be enough.
The URL parameters are encrypted thus protected in transit but are probably logged by the system so the username and password will probably be in the log files. It is best to send then in thee POST data, not as part of the URL.
What you can try is encrypting the data and then send it to server and on server side the data should be decrypted . In this way the security of your app will be maintained.
See this
someone may asked my question already but I cannot find any suggestions.
I writing an Android app which needs to access my Django server by using HttpsURLConnection then Django server will return a JSON array to Android.
The view function in Django will receive the parameters from request.POST and generate the JSON array then return using HTTPResponse Django method. It does not need any Templates and Forms.
When I call the Django view function from Android, it returns 403 error. I know that it is because the POST data does not contains "csrf_token".
My problem is: How can I get the "csrf_token" and put it into my POST data before I send it to Django? I try disable the CSRF checking by "#csrf_exempt" it can return the correct result to Android app but I would not disable the CSRF checking.
Thanks,
Wilson
You have to send the cookies and also have to send a header 'X-CSRFToken' with csrftoken.
This is what I do (may not be the best way):
Get csrf token via a get request.But first try to see if you get a csrftoken cookie by doing same request on your browser with developer tools. If not, you should use ensure_csrf_cookie decorator
from django.views.decorators.csrf import ensure_csrf_cookie
#ensure_csrf_cookie
def your_view(request):
pass
Now using the same HttpUrlConnection object do this :
String cookieString="";
String csrftoken="";
// The below code can be shortened using for-each loop
List<HttpCookie> cookies=cookieManager.getCookieStore().getCookies();
Iterator<HttpCookie> cookieIterator=cookies.iterator();
while(cookieIterator.hasNext()){
HttpCookie cookie=cookieIterator.next();
cookieString+=cookie.getName()+"="+cookie.getValue()+";";
if(cookie.getName().equals("csrftoken")){
csrftoken=cookie.getValue();
}
}
Add the following to your post request:
urlConnection.setRequestProperty("X-CSRFToken", csrftoken);
urlConnection.setRequestProperty("Cookie", cookieString);
I have an app that makes request to a wcf service. Usually I authenticate all of the requests using a hash value that is sent in the body of the request and then authenticated on the server. All most all of the request are sent via json and it is easy for me to add the hash value to the body of the request. The issue I am facing is that when I send a file stream I cannot add the hash to the body of the request so I am wondering how I can authenticate that the request came from my app and not from some where else. All suggestions are greatly appreciated.
Adding an authorization item in the header is a possible solution. So, if anyone is interested, read this and this.
I am trying to login to an internal wireless with security. I can do HTTP POST requests, but it doesn't work for this login site. I suspect it has something to do with it giving the user a Session ID, as the login page URL is http://blahblah.com/login/Login.php?sid=(string of numbers and letters).
I have just been trying to POST data to http://blahblah.com/login/Login.php and that is unsuccessful.
So my question is: how do I obtain the SID in order to logon to the site with the correct URL?
you need to parse the response the server is giving you (assuming in fact you need a session ID, not design an oauth process). Most server session ID's are given in xml form. There is a native java XML parser but you can google that and figure out how youd like to handle that. you will probably need to append your session ID to your POST URL as well.