Android：跟踪用户身份验证(Android: Tracking user authentication)

Android：跟踪用户身份验证(Android: Tracking user authentication)

我正在开发一个将由多个用户使用的Android应用程序（每个用户将拥有自己的设备）。 我正在尝试实现某种会话跟踪，以查看用户是否经过身份验证，并基于它允许进一步使用应用程序。 我想要实现的是我在网络上使用会话对象的同类跟踪。 有没有办法在Android系统上这样做？

I'm developing an android application that will be used by multiple users (each user will have his own device). I'm trying to implement some kind of session tracking to see if user is authenticated and based on it allow further use of application. What I'm trying to achieve is the same kind of tracking I use on the web with session object. Is there any way to do this on android system?

最满意答案

你可能需要重新思考你的概念。

当1位用户使用1台设备时，您为什么要使用用户身份验证？ 如果你必须有用户身份验证，你会在哪里存储凭据？ Android为数据存储提供了多种选择。

如果您将凭证存储在手机上，则必须解决加密问题（例如，使用自定义的SharedPreferences实施加密 - 这里有一个实现，请记住它不是100％安全的）。 但是存在更严重的问题 - 如果用户更改设备，并再次安装您的应用程序，他会希望保存所有数据。 在这种情况下，保存用户数据 - 手机上的凭据等不是一个好选择。

如果您将凭据存储在某个位置（云等），您仍然需要提供某些安全性的保证。 但是，您将如何处理用户无法连接到云并希望对您的应用进行身份验证的情况？

也许您必须提出一些混合解决方案，例如： 用户>本地电话>与远程位置同步>将本地电话与远程位置同步等等。 处理由此产生的所有案件。

You maybe have to re-think your concept.

Why would you like user authentication, when 1 device is used by 1 user? If you MUST have user authentication, where would you store the credentials? Android offers several options for Data Storage.

if you store the credentials on the phone, you have to solve the encryption problem (for example use custom SharedPreferences with Encryption implemented - there's one implementation around here, keep in mind it's not 100% secure). But there's more serious problem - if the user changes the device, and installs again your application, he would expect all his data to be saved. In this case saving user-data - credentials etc. on the phone is not good choice.

if you store the credentials somewhere online (cloud, etc.) you still have to provide guarantee of some security. But how will you handle the case where the user has no connectivity to the cloud and wants to authenticate to your app?

Maybe you have to come up with some hybrid solutions which goes like: user > local-phone > sync with remote location > sync local phone with remote location and so on. Handle all cases that come from this.