Re: Windows Store app - Authenticate and Authorize users with Server Scripts in Windows Azure Mobile Services

Dan Bjorge — Mon, 24 Dec 2012 09:52:17 GMT

It's a shame that you don't go through server-side validation for update/delete operations - since they would need to validate against the *original* version of the item, which is a little bit more complex than insert and read, they probably warrant some explanation of their own.

posted by Dan Bjorge

Re: Windows Store app - Authenticate and Authorize users with Server Scripts in Windows Azure Mobile Services

Andre Steenbergen — Thu, 24 Jan 2013 14:13:59 GMT

Dan,

good point, I tried something, but I don't know if this is the best solution

function update(item, user, request) {
var todoTable = tables.getTable('todoitem');

todoTable.where({
userId: user.userId,
id : item.id
}).read({
success: checkPermissions
});

function checkPermissions(results) {
if (results.length == 1) {
request.execute();
} else {
console.log('User %s attempted to submit an order without permissions.', user.userId);
request.respond(statusCodes.FORBIDDEN, 'You do not have permission to update item with ID %d.', item.id);
}
}
}

posted by Andre Steenbergen

Comment Feed for Channel 9 - Windows Store app - Authenticate and Authorize users with Server Scripts in Windows Azure Mobile Services

Re: Windows Store app - Authenticate and Authorize users with Server Scripts in Windows Azure Mobile Services

Re: Windows Store app - Authenticate and Authorize users with Server Scripts in Windows Azure Mobile Services