I have Xamarin application that is using servicestack as back-end API the current implementation to authenticate users is sending plain text from client side to server then authenticate users , what i need here two things:
(i) is there a way to encrypt the password on client side using servicestack.client
public override void Configure(Container container)
{
Plugins.Add(new AuthFeature(() => new AuthUserSession(),
new IAuthProvider[] {
new BasicAuthProvider(),
new CredentialsAuthProvider(),credentials
}));
Plugins.Add(new RegistrationFeature());
container.Register<ICacheClient>(new MemoryCacheClient());
var userRep = new InMemoryAuthRepository();
container.Register<IUserAuthRepository>(userRep);
}
(ii) about login itself - when user login it generates cookies that I cant use in my mobile app. How can I make user use servicestack application without login every time.
The standard way to ensure your password (and everything else) gets sent encrypted is to configure your backend services with SSL so all traffic is sent via https.
An alternative to this is to use ServiceStack's Encrypted Messaging feature.
In order to populate your Service Client with your Session Id you can save the cookie from an authenticated Service Client with:
var ssId = client.GetSessionId();
var sspId = client.GetPermanentSessionId(); //If RememberMe=true
And later attach it on a new Service Client with:
client.SetSessionId(ssId);
client.SetPermanentSessionId(sspId);