Microsoft Azure Mobile Services

Windows Store app - Authenticate and Authorize users with Server Scripts in Windows Azure Mobile Services


Description

Windows Azure Mobile Services enables authentication scenarios with popular social identity providers such as Microsoft Account, Twitter, Facebook and Google.  In this video Nick Harris demonstrates how you can:

  • Authenticate users of your Windows Store apps using their Microsoft Account
  • Restrict the insert, update, read and delete permissions on the tables within your Mobile Service to authenticated users
  • Add Server script to track which rows are inserted by authenticated users
  • Add Server script that authorizes users to only view data that they have inserted

Get started with 10 Mobile Services for FREE and try this scenario using the step-by-step tutorials (tutorial part 1, tutorial part 2) or the sample.

 


    The Discussion

    • Dan Bjorge

      It's a shame that you don't go through server-side validation for update/delete operations - since they would need to validate against the *original* version of the item, which is a little bit more complex than insert and read, they probably warrant some explanation of their own.

    • Andre Steenbergen

      Dan,

      good point, I tried something, but I don't know if this is the best solution

      function update(item, user, request) {
          var todoTable = tables.getTable('todoitem');

          // Look up the stored row by id, restricted to rows owned by the caller.
          todoTable.where({
              userId: user.userId,
              id: item.id
          }).read({
              success: checkPermissions
          });

          function checkPermissions(results) {
              if (results.length == 1) {
                  // The caller owns the existing row, so let the update proceed.
                  request.execute();
              } else {
                  console.log('User %s attempted to submit an order without permissions.', user.userId);
                  // request.respond takes a status code and a body, so build the message here.
                  request.respond(statusCodes.FORBIDDEN, 'You do not have permission to update item with ID ' + item.id + '.');
              }
          }
      }
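
Added example, not part of the original comments or the video: one way to cover both update and delete, the case raised in the discussion above, by checking the owner of the stored row and pinning `userId` on update. The `tables`, `statusCodes` and `request` objects are stand-ins for the Mobile Services script runtime so the block runs under plain Node.js, and `ifOwner` and `run` are hypothetical helpers.

```javascript
// Stand-ins for the Mobile Services script runtime (assumptions, so this runs under plain Node.js).
const statusCodes = { FORBIDDEN: 403 };
const rows = [ // constructed sample data
  { id: 1, text: 'buy milk', userId: 'MicrosoftAccount:alice' },
  { id: 2, text: 'pay rent', userId: 'MicrosoftAccount:bob' },
];
const tables = {
  getTable: () => ({
    where: (filter) => ({
      read: ({ success }) => success(rows.filter(
        (r) => Object.keys(filter).every((k) => r[k] === filter[k]))),
    }),
  }),
};

// Shared check (hypothetical helper): match on the *stored* row, never on fields sent by the client.
function ifOwner(id, user, request, onAllowed) {
  tables.getTable('todoitem').where({ id: id, userId: user.userId }).read({
    success: (results) => {
      if (results.length === 1) return onAllowed();
      console.log('User %s denied access to item %s', user.userId, id);
      request.respond(statusCodes.FORBIDDEN, 'You do not have permission to modify item ' + id + '.');
    },
  });
}

// Update script: ownership comes from the stored row, and the userId column
// is pinned so the update cannot hand the row to another user.
function update(item, user, request) {
  ifOwner(item.id, user, request, () => {
    item.userId = user.userId;
    request.execute();
  });
}

// Delete script: only the id arrives, so the stored row is the only source of truth.
function del(id, user, request) {
  ifOwner(id, user, request, () => request.execute());
}

// Hypothetical harness: runs a script as the given user and reports what it decided.
function run(script, arg, userId) {
  const out = { executed: false, status: null };
  script(arg, { userId }, {
    execute: () => { out.executed = true; },
    respond: (status) => { out.status = status; },
  });
  return out;
}
```

For example, `run(del, 2, 'MicrosoftAccount:alice')` reports status 403 because row 2 is stored with a different owner.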
