I have been working on building an iOS app to be used internally inside the company I work for. The way the user logs into the app is through the use of Active Directory (AD). The code I have for checking credentials via AD is as follows:
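```csharp
using System.DirectoryServices.AccountManagement;

// Validates the supplied credentials against the Active Directory domain.
private bool ADAuthentication(string username, string password)
{
    // "Domain Name" is a placeholder for the AD domain; the context is disposed after use.
    using (PrincipalContext pc = new PrincipalContext(ContextType.Domain, "Domain Name"))
    {
        return pc.ValidateCredentials(username, password);
    }
}
```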
The problem I have is that this method requires a cleartext password, and I am not about to send that kind of password across a cellphone network or unknown Wi-Fi connection.
What I am looking for is an encryption/decryption algorithm that I can use to encrypt the password on an iOS device, send it to our server, decrypt it, and pass it to the above method to verify AD credentials.
So far I have investigated MD5 (which we already use in another application) and several open source Blowfish algorithms (Here is the link and a link for how to do Blowfish in iOS). I have also done research via Google looking for a solution and have not found much relating to what I need (but I could have missed something).
Any code, links, or advice in either Objective-C or C# would be greatly appreciated since I have been at this for 2 days with little-to-no progress being made. I am open to almost anything at this point.
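
One way to do the encrypt-on-device, decrypt-on-server step asked about above, as an added example that is not part of the original post: RSA-OAEP under the server's public key, with a one-time server nonce bound to the password so a captured blob cannot be replayed. All names are hypothetical, the `validate` delegate stands in for `ADAuthentication`, the sample credentials are constructed, and .NET 6 or later is assumed.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example, not the poster's code. All names and sample values are hypothetical.
static class PasswordTransportDemo
{
    // Client side (the role of the iOS app): bind the password to a nonce the server
    // issued for this login, then encrypt with the server's public key.
    // RSA-2048 with OAEP-SHA256 carries at most 190 bytes of plaintext.
    static byte[] ClientEncrypt(RSA serverPublicKey, string nonce, string password)
    {
        byte[] plain = Encoding.UTF8.GetBytes(nonce + "\n" + password);
        return serverPublicKey.Encrypt(plain, RSAEncryptionPadding.OaepSHA256);
    }

    // Server side: decrypt, require the nonce issued for this attempt, then pass the
    // cleartext password to the validator. The caller discards the nonce after one use.
    static bool ServerVerify(RSA serverPrivateKey, byte[] blob, string expectedNonce,
                             string username, Func<string, string, bool> validate)
    {
        byte[] plain;
        try { plain = serverPrivateKey.Decrypt(blob, RSAEncryptionPadding.OaepSHA256); }
        catch (CryptographicException) { return false; } // tampered or malformed blob
        string text = Encoding.UTF8.GetString(plain);
        int sep = text.IndexOf('\n');
        if (sep < 0) return false;
        byte[] got = Encoding.UTF8.GetBytes(text.Substring(0, sep));
        byte[] want = Encoding.UTF8.GetBytes(expectedNonce);
        if (!CryptographicOperations.FixedTimeEquals(got, want)) return false;
        return validate(username, text.Substring(sep + 1));
    }

    static void Main()
    {
        using RSA rsa = RSA.Create(2048); // the app would hold only the public half
        // Constructed stand-in for ADAuthentication so the example runs without a domain.
        Func<string, string, bool> validate = (u, p) => u == "alice" && p == "constructed-password";
        string nonce = Convert.ToBase64String(RandomNumberGenerator.GetBytes(16));
        byte[] blob = ClientEncrypt(rsa, nonce, "constructed-password");
        // First check uses the nonce issued for this login attempt.
        Console.WriteLine("fresh nonce:    " + ServerVerify(rsa, blob, nonce, "alice", validate));
        // Second check presents the same blob against a different nonce, as a replay would.
        Console.WriteLine("replayed blob:  " + ServerVerify(rsa, blob, "other-nonce", "alice", validate));
    }
}
```

This layer complements sending the request over HTTPS with certificate validation; it does not replace it.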