iphone objective-c wcf wcf-data-services

Security on iPhone / iPad application when calling a WCF service


I'm new to Objective-C programming and to implementing WCF, so I may or may not sound like an idiot with my questions. I was wondering what the best practice is for calling web services from Objective-C.

My plan, for login, is to create a WCF service to check if the username and password exist. If it returns TRUE, then you create a "cookie" that will store the session in your app? I'm planning to return the Id of the user as well, so that whenever the user requests some data change from the iPhone app, it can know which user it is. BUT I'm skeptical about returning the user's Id. Is it safe? Or should I generate a type of GUID or token to return from the WCF service to my iPhone, store that, and then whenever they request a transaction, WCF can verify the user?

Can somebody please point me in the right direction as to where to start in terms of Objective-C security?

Thanks!!!


Solution

  • I think you are on the right track :-)

    • If your server supports a session id mechanism, then in response to login send a unique session id to the client so that in subsequent requests the server can compare it with the local one. You can use either GET or POST, but in my opinion POST is the better way here.
    • Go for HTTPS.
    • If you want to cache the credentials on the app side, look at the keychain.