1

I am working on an application which has an azure asp.net mvc website and an azure mobile service. Both will be using the same azure sql database.

I understand that I can use custom or Microsoft, Facebook based authentication using my mobile service. The website and the mobile app that I will be building though will have different features in the website and on the mobile app based on the role of the user.

How should I go about implementing user roles? If this was just an asp.net application, I would have just used ASP.NET Identity but not sure how to do this with Mobile Services.

I found a similar question asked a year ago with no resolution - Using ASP.NET 4.0 membership provider with Azure Mobile Services

If there is an existing implementation or guidance out there, please point me in that direction. Thanks.

Community
  • 1
  • 1
Pratik Kothari
  • 2,446
  • 2
  • 32
  • 54

1 Answers1

1

As of today, there isn't a super easy way to handle this no matter how you slice it. You can take a look at this post (there is another dealing with the JavaScript backend that is linked from this) http://www.acupofcode.com/2014/04/general-roles-based-access-control-in-the-net-backend/ that talks about role based access control using Azure Active Directory. AAD may not be the option you want to go with. In which case, you'd need to implement the roles and checks in your Mobile Service yourself. If you only have two levels such as "normal user" and "admin" you COULD dictate everything based off of the user.level property and if they are "authenticated" they only have basic user access but if they're "admin" they have admin functionality. You'd still need to do the role based logic in your backend but I think you'll need to handle that no matter what.

Alternatively, what I think you could look at doing, is using the ASP.NET Identity system. Then from your Mobile Service, you can use the same type of custom auth I've documented here (http://chrisrisner.com/Custom-Authentication-with-Azure-Mobile-Services-and-LensRocket) but instead of checking against and storing a username/password in your Mobile Service like that sample is doing, when the user goes to register / login, you could check against the user backend created by the ASP.NET identity system. I don't have a sample off hand of that working but it sounds doable in my head.

Chris
  • 3,007
  • 2
  • 19
  • 21
  • I like the idea of using asp.net Identity behind the Azure Website but do you mean 1. create sql database with asp.net identity 2. connect that db with mobile service 3. implement custom auth in mobile service using custom api Questions though: would mobile service like the schema of asp.net identity? for Facebook, google providers how would that work as far as roles - again, it is hard to think through this without actually implementing but I can give it a shot and bug you again with questions :) – Pratik Kothari Apr 23 '14 at 20:06
  • I'll preface this with saying it's been a while since I've looked at ASP.NET identity. My thought was to: 1. Create the SQL DB to be used with ASP.NET identity. 2. Create your Mobile Service and connect it to the same DB. 3. From the Mobile Apps side, implement a custom auth flow that actually uses ASP.NET's identity behind the scenes. You should be able to funnel registration / login requests to your ASP.NET identity if you can't go to the DB directly (remember your Mobile Service can use MSSQL module (for JS and C# for .NET) to talk to other parts of the database if needed) – Chris Apr 23 '14 at 20:19
  • I don't know that you'd really be able to connect this with Facebook / Google unless ASP.NET identity has the facilities to do this and then handle roles on top of it. If not and you want Facebook / Google, I think the best approach would be using the built in auth in Mobile Services and then creating your own role system inside your Mobile Service. Definitely a bit of work but doable. Please do follow up if you have questions and let me know how you get it working. – Chris Apr 23 '14 at 20:23
  • 1
    see this http://www.asp.net/mvc/tutorials/mvc-5/create-an-aspnet-mvc-5-app-with-facebook-and-google-oauth2-and-openid-sign-on On further thought, I think I may decide not to use Mobile Services. I can use an Azure MVC website, Azure SQL Server and Web API to do this and leverage ASP.NET Identity and its database. I wish there was a better way to leverage ASP.NET Identity within mobile services . – Pratik Kothari Apr 24 '14 at 16:55