Hi I have taken all three approaches for different projects
Your first option is the simplest. I would implement the white list as user records, where the key is the username/userid of the user. The you can just do a get by key and see if the user record exists. (It also allows you to later disable the account, maybe with a boolean property like "status" to deactivate an account without losing the user record, if you want to keep audit trails for instance). T On Sep 20, 3:21 am, fb <[email protected]> wrote: > Hi, > > I am writing an application where I want to restrict the users that > can log on. My preference is to use Google Accounts authentication as > that way I don't need to worry about creating, storing, encrypting, > etc. usernames and passwords. Of course the problem is that using > Google Accounts authentication anyone with a Google account can log in > whereas I want a select few on my whitelist. > > The only way I can see to do this is to allow the user to log on and > then use the UserService.getCurrentUser to get the username / e-mail, > and only if they are on the white list I then 'open up' the > application to give access. Is this a reasonable approach? > > The alternative would be to use a Google Apps domain. That may work > but I really don't need the functionality of Google Apps for my app > and also the standard, free edition is restricted to 50 users. > > The third approach would be to use to create my own authenticaion api > but as mentioned before, not to keen on that. > > I'd appreciate if you could give any suggestions for the best practice > for my use case. > > Thanks. -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en.
