
Identify Android user account from web server

I have a REST web server that serves requests from Android devices, where I write both the server and client code. Here I want to control and limit user requests based on an account whitelist. For example, I accept all requests for the URL A from any user, but I accept the requests for the URL B only from the users { admin@gmail.com, johndoe@gmail.com }.

Of course, sending a user ID as plain JSON text is not a desirable solution because the client can be breached. Is there a more secure mechanism available in Android, such as the device sending private information of the logged-in account and the server verifying the user identity?

You can use a third-party service. I recommend Backendless.com. Check it out. It's free, scalable, and has a feature for integrating your server tokens into it.

If you have some type of authentication system, like a simple login, one possible solution could be using a generated token to represent a user session. That way you can control user access without sending sensitive information such as the user ID, and in case the client is breached, you just revoke that token.
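The session-token approach from the answer above, combined with the per-URL whitelist from the question, as an added example that is not part of the original thread. `SessionStore`, `authorize`, the paths `/a` and `/b`, and the one-hour lifetime are assumptions, and the login step that verifies the account before `issue()` is called is assumed to exist.

```python
import hashlib
import secrets
import time

# Constructed policy mirroring the question: URL A is open to everyone,
# URL B is limited to two accounts. None means "no login required".
ROUTE_ALLOWLIST = {"/a": None, "/b": {"admin@gmail.com", "johndoe@gmail.com"}}
TOKEN_TTL = 3600  # seconds; assumed session lifetime


class SessionStore:
    """Server-side map from opaque token to account. The client never names its own account."""

    def __init__(self):
        self._sessions = {}  # sha256(token) -> (account, expires_at)

    @staticmethod
    def _digest(token):
        # Only the hash is stored, so a leaked session table holds no usable tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, account, now=None):
        """Call only after the login step has verified the account."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._sessions[self._digest(token)] = (account, now + TOKEN_TTL)
        return token

    def resolve(self, token, now=None):
        """Return the account bound to the token, or None if unknown or expired."""
        now = time.time() if now is None else now
        entry = self._sessions.get(self._digest(token or ""))
        if entry is None or entry[1] <= now:
            return None
        return entry[0]

    def revoke(self, token):
        self._sessions.pop(self._digest(token), None)


def authorize(store, path, token, now=None):
    """Return the HTTP status the server should answer with for this request."""
    if path not in ROUTE_ALLOWLIST:
        return 404
    allowed = ROUTE_ALLOWLIST[path]
    if allowed is None:
        return 200
    account = store.resolve(token, now)
    if account is None:
        return 401  # missing, unknown, expired or revoked token
    return 200 if account in allowed else 403
```

The Android client would send the token on each request over TLS, for example in an `Authorization` header, and the server derives the account only from its own session table.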
