Windows Store app - Authenticate and Authorize users with Server Scripts in Windows Azure Mobile Services

Sign in to queue

Description

Windows Azure Mobile Services enables authentication scenarios with popular social identity providers such as Microsoft Account, Twitter, Facebook and Google.  In this video Nick Harris demonstrates how you can:

  • Authenticate users of your Windows Store apps using their Microsoft Account
  • Restrict access to insert/update/read and delete permissions on the tables within your Mobile service to authenticated users. 
  • Add Server script to track which rows are inserted by authenticated users
  • Add Server script that authorizes users to only view data that they have inserted

Get started with 10 Mobile Services for FREE and try this scenario using the step-by-step tutorials tutorial part 1, tutorial part 2 or sample.

 

Embed

Download

Download this episode

The Discussion

  • User profile image
    Dan Bjorge

    It's a shame that you don't go through server-side validation for update/delete operations - since they would need to validate against the *original* version of the item, which is a little bit more complex than insert and read, they probably warrant some explanation of their own.

  • User profile image
    Andre Steenbergen

    Dan,

    good point, I tried something, but I don't know if this is the best solution

    function update(item, user, request) {
    var todoTable = tables.getTable('todoitem');

    todoTable.where({
    userId: user.userId,
    id : item.id
    }).read({
    success: checkPermissions
    });

    function checkPermissions(results) {
    if (results.length == 1) {
    request.execute();
    } else {
    console.log('User %s attempted to submit an order without permissions.', user.userId);
    request.respond(statusCodes.FORBIDDEN, 'You do not have permission to update item with ID %d.', item.id);
    }
    }
    }

Comments closed

Comments have been closed since this content was published more than 30 days ago, but if you'd like to send us feedback you can Contact Us.