We plan to use Windows Azure Mobile Services for several of our commercial apps and would like to create a single data store for users instead of creating it for every mobile service. We don't want to use Microsoft or Facebook... providers due to this issue Multiple apps using a single Azure Mobile Service for Live Authentication?
This way, the user data for all our apps is stored in single separate Custom_Auth database and the users won't need to Register again for our other apps. Should we create a separate mobile service that basically enables custom authentication and acts as a provider for other apps?
Do you see any pitfalls with this approach and what steps would I need to take for creating this custom provider as a separate mobile service?
Basically, we want to create our own provider so that user of one our apps can login to the other apps using the same credentials.
I have read through the following links. Posting them here as they may be useful for others starting out with Authentication and Azure Mobile Services.
http://www.thejoyofcode.com/Generating_your_own_ZUMO_auth_token_Day_8_.aspx
http://www.thejoyofcode.com/Fetching_a_basic_user_profile_in_Mobile_Services_Day_9_.aspx
http://www.thejoyofcode.com/Exploring_custom_identity_in_Mobile_Services_Day_12_.aspx
http://chrisrisner.com/Authentication-with-Windows-Azure-Mobile-Services
Thanks in advance
Hope this helps you
http://chrisrisner.com/Authentication-with-iOS-and-Windows-Azure-Mobile-Services
Someone created a custom authentication API using AZURE
with Parse.com, you are limited to their backend and unfortunately it doesn't have all the nice features as Azure
MS really messed us around with this
Related
I would like to understand if I can use Azure AD authentication for our enterprise application. Basically we have a service that manages component data for several thousand product teams in my company. The requirement is team A can only view their data. According to https://www.youtube.com/watch?v=59YwW8FrLm8, we can create custom roles in an Azure app and assign them to different client apps. My concern is that is there a limit on how many roles we can create in the app? We have several thousand product teams to support. Also, is there any performance impact on large number of custom roles in an app?
The bigger question is if we should utilize Azure OIDC to do this authorization. Is this something that we are better off writing our own authorization logic?
Confirmed that by default, it is 5000.
This is more of an 'Is this possible' question. A developer on the team suggested using Azure AD for user management, but one of the requirements is that the app admin be able to add/manage user access through the application without having to go to the Azure Portal.
So the question is, is the Graph API (or some other mechanism) full featured enough to replace the portal (at least for basic user set up and management) and allow all actions to be done from the application UI?
Thanks.
Simple answer to your question is Yes. Graph API can be used to manage users and their access to applications instead of using Azure Portal. In fact, Azure Portal itself makes use of Graph API to perform these operations.
You may also need to use Azure REST API if you're planning on managing Azure resources as well through this custom application especially Authorization APIs if you want to manage access to Azure resources (Azure Role-based access control) through your application.
I have running the basic todoitem app service running on azure. Calling the below url will display the content in the todoitem table. How can I add basic security to prevent this data from being accessed by anyone, like a basic parameter, ToDoItem?MyToken=12345.
https://MyappService.azurewebsites.net/tables/ToDoItem
How can I add basic security to prevent this data from being accessed by anyone, like a basic parameter, ToDoItem?MyToken=12345.
I would recommend you using the build-in Authentication and authorization in Azure App Service.
App Service supports five identity providers out of the box: Azure Active Directory, Facebook, Google, Microsoft Account, and Twitter. To expand the built-in support, you can integrate another identity provider or your own custom identity solution.
Here are some great tutorials, you could refer to them:
For Node.js backend, you could follow 30 DAYS OF AZURE MOBILE APPS.
For developing azure mobile apps with C#, you could follow here.
I am going to develop a mobile app, its bit of social kind of app.
For data, I am planning to use Azure SQL for hierarchical data and Azure Storage for images etc.
Now for user authentication, I want my users to log in using oAuth providers such as Facebook/google/live etc rather than developing a user authentication of my own.
So for oAuth, I am planning to use Azure Mobile Services.
The thing I am not clear is after I authenticate user using Mobile Services, how I go to query the user's data that is in Azure SQL . Should I use the APIs that I can write in Node.js from Mobile Services or should I develop a WebAPI project to talk to data.
Using Mobile Service's node.js API looks easy and simplest way, but the apprehension I have with querying data from Mobile Service is it allows to query the tables that are in its own schema. If I wish to have some tables in some other logical schema, I won't be able to query it from Mobile services. Is my understanding correct here?
.net WEBAPI will be my preferred way of talking to database,but if I write a WebAPI, how do I get user's Identity carried from Mobile Services to WebAPI.
if someone can point me to some example/sample of using using Web API and Mobile Services together, will appreciate
thanks in advance.
Mobile Services would allow you to access table's outside of its schema, although it is more work. You can use the MSSQL object to talk to additional schemas. See: http://www.windowsazure.com/en-us/documentation/articles/mobile-services-how-to-use-server-scripts/#TSQL
The new .NET runtime, currently in preview, also has support for using multiple data sources.
I would keep azure mobile services for authentication. You can then create your full schema in SQL where your user is nothing more than the userid from mobile services.
In code you end up with this user id after authentication. From that point forward everything is in SQL.
I am developing a WP8 app, which requires authentication in order to get a token to call the web api backend. I don't want to create my own account management mechanism, because it seems silly in our day and age to implement my own account repository.
I am using Azure anyway, so I thought to leverage it for the user management and authentication/authorization. What better place to manage users than Active Directory. If I also use ACS, I can get both "native" accounts and using other providers (Facebook, Microsoft Accounts, etc.) right out of the box.
So I have been searching for DAYS and I can't find even one tutorial or example or even someone talking about a flow that includes WP8, Azure AD/ACS and Web API.
I can only find tutorials on authenticating with Mobile Services and I don't want to use that, as it seems much to simple for what I need.
Is this use case even supported currently? Can one authenticate users of a WP8 app using Azure AD and then receive a token for authorization with a Web API hosted in a VM?
Vittorio has just blogged about this:
A Sample Windows Phone 8 App Getting Tokens from Windows Azure AD and ADFS.
The article also has a link to his earlier one - Fun With Windows Azure AD: Calling REST Services from a Windows Phone 8 App (which may have been one you found?).