I'm just starting reasearch about the best way to implement user authentication within my soon-to-be app.

This is what I have so far:

• A desktop (Windows) application on a remote server. That application is accessed locally with a browser (it has a web console and MS SQL Server to store everything).
• The application is used with local credendials stored in the DB.

This is what I'd like to accompllish:

• Provide access to some information on that SQL Server DB from my app. That access of course must be granted once a user has id himself with valid credentials.

This is what I know so far:

• How to create my PHP web service and query info from a DB using JSON.
• How to work with AFNetworking libraries to retrieve information.
• How to display that info on the app.

What I don't know is which could be the best method to implement user authentication from iOS. Should I send username and password? Should I send some hash? Is there a way to secure the handshake?

I'd for sure appreciate any advise, tip, or recommendation you have from previous experience.

I don't want to just implement it but instead I want to do it as good as possible.