I use web api 2 and asp.net identity to make the back-end for an mobile app.
I don't want the api to be open, but the app users should be able to use most functions without creating an account.
Is it bad practice to create temporary users(local user account named user65163138546 etc.) for all app installs and use that to authorize api calls?
Better to have some sort of key? Whats a good way to generate keys?