I would like to connect to a remote web service to retrieve data. However, in doing so, I must provide this web service with credentials to authenticate the client, (to disallow anonymous requests), before data is returned. The only way I can think of to do this is by simply passing along the credentials in the querystring with each request. This method seems rather clunky, not to mention sessionless. Is there a better technique? This web service is also entirely under my developmental control, so I can make any necessary changes.
Also, on the side of the web service, I would like to ensure that ONLY requests that come directly from an android handset will be accepted (have data returned). In other words, if that same request comes in from a browser or iFone, data will not be returned. User-agents can be easily spoofed so I don't want to rely on that. Is this at all possible? The only way I can think of would be to keep the parameters of each service call a secret (is this even possible?) so that a user can't recreate the querystring, thus throwing an error. Looking forward to your input! -- You received this message because you are subscribed to the Google Groups "Android Developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
