Ok HUGE issue here. I am using the Ionic Cloud for authorization and an Azure Hosted Web API application which is supplying the data to run the app. Pretty basic.
I know I could embed a username/password to authenticate the .NET calls, but that doesn’t make for a very secure application. I know I can’t be the only person doing this, so I’m hoping someone is smarter than I am and has already figured a way to do this.
I’m open to suggestions but I can only come up with the following…
Use Ionic Cloud Login. Get user’s UUID. When calling the .NET Service, have the service first authenticate the user is real by using the Ionic HTTP API. At least we know if the user is real.
Use Ionic Cloud Login. Embed a un/pw into the app so calls to the .NET API Service at least need some type of Basic Authentication. Drawback here is someone could easily get the un/pw when it’s being sent.
Use Ionic Cloud. Send the token obtained from Ionic Cloud to the .NET API Service and authenticate the user by doing some type of “basic” call to the Ionic HTTP API. If I receive an UNAUTHORIZED, then the user must not have a real token and I shouldn’t send back any data from the app service.
Do any of these sound viable or something similar to what you’ve done in your own applications? Any help/suggestions/confirmations greatly appreciated.