I'm developing a pure web API backend using ASP.NET MVC to support my Android application, and I'm just wondering which way of maintaining user accessibility you would recommend.
In my application, there is a sign-in/sign-up mechanism.
And the user should sign in to support more actions, such as "join a project".
Just like GitHub, there are projects and many issues within each project,
but the difference is that if the user hasn't joined the project,
he cannot access the data within that project.
I know some people would create an access_token which stands for the user whenever the user signs in successfully.
But what I don't know is the implementation details in MVC.
Here I have created an illustration of my situation for you:
If the user wants to see the issues under the project,
he should first sign in and then join that project.
I just don't know how to implement this in MVC.
If I create an access_token in one table when the user signs in successfully, then whenever a URL request arrives that is going to access the issue, first find out which user the access_token passed as a parameter stands for, then see if this user has joined that project?
This is my first idea, and I'm really wondering... Please share any ideas you have; I'm afraid I am going to use an insecure and inefficient way. Thanks for your patience.
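The flow described in the question (issue a token at sign-in, resolve it to a user on each request, then check project membership) as an added example that is not part of the original post. The class name `ProjectAccessService`, its methods and the in-memory collections standing in for the token and membership tables are hypothetical, and the code assumes C# 7 or later for value tuples.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

public enum AccessResult { Ok, Unauthorized, Forbidden }

// In-memory stand-ins for the token and membership tables (constructed for this example).
public class ProjectAccessService
{
    private readonly Dictionary<string, (int UserId, DateTime Expires)> _tokens =
        new Dictionary<string, (int, DateTime)>();
    private readonly HashSet<(int UserId, int ProjectId)> _members =
        new HashSet<(int, int)>();

    // Store only a hash of the token, so a leaked token table cannot be replayed.
    private static string Hash(string token)
    {
        using (var sha = SHA256.Create())
            return Convert.ToBase64String(sha.ComputeHash(Encoding.UTF8.GetBytes(token)));
    }

    // Call after the password check succeeds; the raw token is returned to the client once.
    public string IssueToken(int userId, TimeSpan lifetime)
    {
        var bytes = new byte[32];                       // 256 bits from the OS CSPRNG
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(bytes);
        var token = Convert.ToBase64String(bytes);
        _tokens[Hash(token)] = (userId, DateTime.UtcNow.Add(lifetime));
        return token;
    }

    public void Join(int userId, int projectId) => _members.Add((userId, projectId));

    // Run on every request for project data, before the action touches it.
    public AccessResult Check(string token, int projectId)
    {
        if (string.IsNullOrEmpty(token) ||
            !_tokens.TryGetValue(Hash(token), out var entry) ||
            entry.Expires <= DateTime.UtcNow)
            return AccessResult.Unauthorized;           // HTTP 401: not signed in
        return _members.Contains((entry.UserId, projectId))
            ? AccessResult.Ok                           // member: serve the issues
            : AccessResult.Forbidden;                   // HTTP 403: signed in, not a member
    }
}
```

In an ASP.NET application the `Check` call would sit in an authorization filter so no controller action can skip it. Sending the token in the `Authorization` header over HTTPS keeps it out of URLs, which end up in server logs and browser history.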