On the native app side, use an empty Service with a <URL> trigger and additional trigger(s) for the parameters (username,password, etc.), and exit(s) to get the response (such as a boolean value signifying whether the user is authorized to login).
On the server-side implement a Callable Service which receives the (user) parameters, performs the required logic and outputs the result). The empty service's <URL> trigger mentioned above should receive the url of the callable service.
A demo along these lines (though for a different purpose) is available here.
For best results, use the Firefox browser..