Question

We are developing two mobile apps, one (A) for a group of people, another (B) for another group of people.

These two mobile apps use the same set of Web APIs, although some APIs may only be used by one group and vice versa. In other words, we have just one Web API project.

Both apps' users need to register and (later) log in with username and password. We save all users in the same AspNetUsers table.

Now I realize there is a problem. A user registered on app A can log in on app B, and a user registered on app B can log in on app A.

How do I solve this problem? Do we require the apps to send a code to our API so that our API knows if it's from A or B?

Thank you!


Solution

ASP.NET membership has user roles; you can use it to authorize users for some parts of your API.

  • Give "GroupA" or "GroupB" role to a user during registration.
  • Properly set principals after authenticate.
  • Use System.Web.Http.AuthorizeAttribute to authorize.

  using System.Web.Http;

  public class FooController : ApiController
  {
    // Only users holding the "GroupA" role (the app A users) may call this.
    [Authorize(Roles = "GroupA")]
    public void GetOnlyForGroupA() { }

    // Only users holding the "GroupB" role (the app B users) may call this.
    [Authorize(Roles = "GroupB")]
    public void GetOnlyForGroupB() { }

    // No restriction: reachable by both groups (and, without a global Authorize filter, by anonymous callers too).
    public void GetForBoth() { }
  }
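The three steps in the answer, shown end to end as an added example (this is not the answerer's code, and it is not taken from the asker's project). It assumes ASP.NET Identity 2.x with the default AspNetUsers/AspNetRoles tables, a hypothetical `App` field ("A" or "B") in the registration request, and a hypothetical `PrincipalFactory` helper for building the request principal; the role names "GroupA" and "GroupB" are the answer's. The security point it makes concrete: the app identifier only decides which role is written at registration time, and every later authorization decision comes from the role stored server-side, never from a code the client sends with the request, because such a code is trivially forged by a modified client.

```csharp
using System.Security.Claims;
using System.Threading.Tasks;
using System.Web.Http;
using Microsoft.AspNet.Identity;
using Microsoft.AspNet.Identity.EntityFramework;

// Hypothetical user type on top of the default Identity user (AspNetUsers table).
public class ApplicationUser : IdentityUser { }

public class RegisterModel
{
    public string UserName { get; set; }
    public string Password { get; set; }
    // Assumed field: which app the registration request came from, "A" or "B".
    public string App { get; set; }
}

public static class AppRoles
{
    public const string GroupA = "GroupA";
    public const string GroupB = "GroupB";

    // Map the app identifier to a role name; anything else is rejected, so a
    // client cannot register itself into an arbitrary role.
    public static string ForApp(string app)
    {
        switch (app)
        {
            case "A": return GroupA;
            case "B": return GroupB;
            default: return null;
        }
    }

    // Roles must exist in AspNetRoles before AddToRoleAsync is called;
    // run this once at application start-up.
    public static async Task EnsureExistAsync(RoleManager<IdentityRole> roleManager)
    {
        foreach (string role in new[] { GroupA, GroupB })
        {
            if (!await roleManager.RoleExistsAsync(role))
                await roleManager.CreateAsync(new IdentityRole(role));
        }
    }
}

[RoutePrefix("api/account")]
public class AccountController : ApiController
{
    private readonly UserManager<ApplicationUser> _userManager;

    public AccountController(UserManager<ApplicationUser> userManager)
    {
        _userManager = userManager;
    }

    // Step 1: give the user the role for the app that registered them.
    [AllowAnonymous]
    [HttpPost, Route("register")]
    public async Task<IHttpActionResult> Register(RegisterModel model)
    {
        string role = AppRoles.ForApp(model.App);
        if (role == null) return BadRequest("Unknown app");

        var user = new ApplicationUser { UserName = model.UserName };
        IdentityResult result = await _userManager.CreateAsync(user, model.Password);
        if (!result.Succeeded) return BadRequest(string.Join("; ", result.Errors));

        // The role is persisted server-side; later requests are authorized from
        // it, not from anything the app sends along.
        result = await _userManager.AddToRoleAsync(user.Id, role);
        if (!result.Succeeded) return BadRequest(string.Join("; ", result.Errors));

        return Ok();
    }
}

public static class PrincipalFactory
{
    // Step 2: after the password check succeeds, build the identity for the
    // request from the user's stored roles. ClaimsIdentity uses ClaimTypes.Role
    // as its role claim type, so [Authorize(Roles = ...)] (step 3, as in the
    // FooController above) will see these claims through IsInRole.
    public static async Task<ClaimsIdentity> CreateAsync(
        UserManager<ApplicationUser> userManager, ApplicationUser user, string authenticationType)
    {
        var identity = new ClaimsIdentity(authenticationType);
        identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, user.Id));
        identity.AddClaim(new Claim(ClaimTypes.Name, user.UserName));
        foreach (string role in await userManager.GetRolesAsync(user.Id))
            identity.AddClaim(new Claim(ClaimTypes.Role, role));
        return identity;
    }
}
```

Wherever the API authenticates (for example an OWIN OAuth token endpoint or a cookie login), the identity returned by `PrincipalFactory.CreateAsync` is what should be placed on the request, so the `[Authorize(Roles = "GroupA")]` and `[Authorize(Roles = "GroupB")]` attributes decide purely from the stored role. If a user of app A tries to log in through app B, the login itself may still succeed (it is the same credential store), but every GroupB-only endpoint will return 401/403; to block the login outright as well, check `userManager.IsInRoleAsync(user.Id, expectedRole)` at the authentication step before issuing a token or cookie.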
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow