Im developing a Rails app that will contain a web front end as well as expose a service to a client app. This client app (for now being written in .Net) will just be sending data (not sensitive data, just statistics) to the service. Although this data will be tied to a user account on the site so they can view results online.
My question pertains to the best way to verify the user that downloaded the app to the website. I’m thinking of different ways to do it and here’s what I’ve come up with:
-Have the user provide their login information (username/password) in the app and send that along with te data (most likely encrypted).
-When someone registers for an account, generate a key specifically for the client app and have them provide that when installing the app.
Is either of those a better option or is there some other way I’m not thinking of?
Those do seem like the basic ways of handling the situation. Which one you choose to implement depends on whether a given copy of the client app is going to be used by just one user (in which case having the web app generate a key that is stored in the client makes more sense, since it can save the user the trouble of logging in every time they want to upload their data), or potentially by multiple users (in which case you probably want them to authenticate individually and on each use).