I am working on a project where I need to implement access control on a web API as follows.
I want to grant partial or subset access to an API user. For example:
- I have 4 resources in a web API.
- I want to give user X access only to resources 1 and 3. The user should not be able to access resources 2 and 4.
- And any resource should not reveal anything about the other resources.
How can I achieve the above result in a web API? What would be the recommended approach for doing this?
I already went through most of the Q&A on SO.
Please help me with this. Any help is much appreciated, thanks in advance.
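
One way to meet the three requirements in the question, as an added example that is not part of the original post: a deny-by-default allow-list check per request, with an identical response for "not granted" and "does not exist", and cross-references filtered out of permitted resources. The resource names, the `related` field, the `GRANTS` table and the function names are assumptions made for illustration.

```python
# Constructed sample data: four resources; user "X" is granted 1 and 3 only.
RESOURCES = {
    1: {"id": 1, "name": "orders", "related": [2, 3]},
    2: {"id": 2, "name": "billing", "related": [1]},
    3: {"id": 3, "name": "catalog", "related": [1, 4]},
    4: {"id": 4, "name": "payroll", "related": [3]},
}
GRANTS = {"X": frozenset({1, 3})}  # hypothetical grant table (allow-list)


def _allowed(user):
    # Deny by default: an unknown user gets an empty grant set.
    return GRANTS.get(user, frozenset())


def _view(resource, allowed):
    # Copy the resource and drop links to resources the caller cannot access,
    # so a permitted resource does not reveal that the others exist.
    out = dict(resource)
    out["related"] = [r for r in resource["related"] if r in allowed]
    return out


def get_resource(user, resource_id):
    allowed = _allowed(user)
    # Same status and body for "not granted" and "does not exist", so the
    # response cannot be used to enumerate resources 2 and 4.
    if resource_id not in allowed or resource_id not in RESOURCES:
        return 404, {"error": "not found"}
    return 200, _view(RESOURCES[resource_id], allowed)


def list_resources(user):
    # Listing endpoints apply the same grant set as single-item reads.
    allowed = _allowed(user)
    return 200, [_view(RESOURCES[r], allowed) for r in sorted(allowed) if r in RESOURCES]
```

In a real API the `user` argument would come from the authenticated session or token, never from a client-supplied parameter, and the check would run server-side on every endpoint that touches a resource.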