Entries:
Comments:
Posts:

Loading User Information from Channel 9

Something went wrong getting user information from Channel 9

Latest Achievement:

Loading User Information from MSDN

Something went wrong getting user information from MSDN

Visual Studio Achievements

Latest Achievement:

Loading Visual Studio Achievements

Something went wrong getting the Visual Studio Achievements

Windows Store app - Authenticate and Authorize users with Server Scripts in Windows Azure Mobile Services

Download

Right click “Save as…”

Windows Azure Mobile Services enables authentication scenarios with popular social identity providers such as Microsoft Account, Twitter, Facebook and Google.  In this video Nick Harris demonstrates how you can:

  • Authenticate users of your Windows Store apps using their Microsoft Account
  • Restrict access to insert/update/read and delete permissions on the tables within your Mobile service to authenticated users. 
  • Add Server script to track which rows are inserted by authenticated users
  • Add Server script that authorizes users to only view data that they have inserted

Get started with 10 Mobile Services for FREE and try this scenario using the step-by-step tutorials tutorial part 1, tutorial part 2 or sample.

 

Tags:

Follow the Discussion

  • Dan BjorgeDan Bjorge

    It's a shame that you don't go through server-side validation for update/delete operations - since they would need to validate against the *original* version of the item, which is a little bit more complex than insert and read, they probably warrant some explanation of their own.

  • Andre SteenbergenAndre Steenbergen

    Dan,

    good point, I tried something, but I don't know if this is the best solution

    function update(item, user, request) {
    var todoTable = tables.getTable('todoitem');

    todoTable.where({
    userId: user.userId,
    id : item.id
    }).read({
    success: checkPermissions
    });

    function checkPermissions(results) {
    if (results.length == 1) {
    request.execute();
    } else {
    console.log('User %s attempted to submit an order without permissions.', user.userId);
    request.respond(statusCodes.FORBIDDEN, 'You do not have permission to update item with ID %d.', item.id);
    }
    }
    }

Remove this comment

Remove this thread

close

Comments Closed

Comments have been closed since this content was published more than 30 days ago, but if you'd like to continue the conversation, please create a new thread in our Forums,
or Contact Us and let us know.