You’ll want to use a standard UIWebView to load a login form on your website (UIWebView class reference). You’ll probably want to set a delegate and wait for either webViewDidStartLoad or webViewDidFinishLoad – at these points you’ll be able to check the status of the request.

What I would try is for the webservice to render the same form back on failure, and on success render a minimal “loading…” form with some hidden attributes that you will be able to pull out of the UIWebView directly in your app (say, a token, or other login information for making future requests). That way the user can auth as many times unsuccessfully, but you will only continue into the application when they successfully authenticate and have some identifier.

If you don’t want to hide the token in the actual HTML your web service returns, it’s also possible to create an identifier on the device itself and include that in your form when the user is POSTing to your web service. On a successful auth, you may need to make a second request to get some sort of unique token for any other requests you intend on making, but this is getting a little more complicated.

The best bet is probably to try the simplest thing that will work, then ask a security expert how to improve your interaction/protocol.