I have a mobile application that allows user registration. When registering the user from the API, I set the "User" role to the new user created. The user can log in to the mobile application once the "User" role is set.
If i try to log in to the angular web site using the credentials used to create the new user, the user can log in to the application. I need to disable this functionality. The mobile created users should not log in to the angular web application. The web application acts as the admin site.
How can i disable mobile created users from logging into the web application?
2 Answer(s)
-
2
I think, you would have to extend the user-class and add a property that indicates whether the user was created on mobile application. Your web-application must then check for this property and ignore authentication attempts by mobile-application-created users.
-
0
To be more precise: If you are using the same authentication service for both of your clients, your clients will need to identify themselves additionally. That way, your authentication service can then check for the specific user-property (mentioned in my post before) and then decide whether to ignore or not.