Is Dotmim.Sync a Good Fit for Secure Data Synchronization in MAUI and Web API Applications?

[herczegzoltan]

Hello,

I am currently evaluating whether Dotmim.Sync could replace my existing synchronization approach for a MAUI application and Web API backend.

In my current setup, I use SQLite on the MAUI app to store user-generated data locally. When the application detects an internet connection, it identifies unsynchronized records (marked with a "not synced" flag), sends them to the Web API, and updates the central database.

Users register directly within the MAUI app, receiving an authentication token, which is stored locally. The app uses this token for all data synchronization. If the token expires, the app retrieves a new one before continuing. Data is sent as DTOs, and the Web API validates the user's identity with the following logic:

var userId = User.FindFirstValue(ClaimTypes.NameIdentifier);
if (userId is null)
{
    return BadRequest();
}

The server then associates the data with the authenticated user and creates a new model from the dto and sets the ownerId to the logged userId before saving it to the database,

My primary concern with adopting Dotmim.Sync is how it handles authentication when synchronizing between two databases. On the client (MAUI) side, I only store the user's name, token, and email address — no sensitive data like user IDs or passwords.

Would it be possible to use the Web API as middleware for synchronization with Dotmim.Sync to maintain authentication and security? If so, how would this be implemented in a scenario where the client only stores minimal user data?

Any inputs would be appreciated.

Thank you for all your input in advance!

[Mimetis]

Did you look at this sample ? https://github.com/Mimetis/Dotmim.Sync/tree/master/Samples/HelloWebAuthSync

[herczegzoltan]

Thank you for this amazing project, I have done some tests and seems working as expected. I am replacing my own implemented sync mechanism with this one for production.