0

I am making a WPF App and i'm using Firestore with this app. Problem is that when i write a new value to Firestore, it let me write although Firestore rules are set to 'false'. So Firestore rules are not working but i need them to work.

This is my C# code;

Dictionary<string, object> user = new Dictionary<string, object>
                {
                    { "text", "aaaa" },
                };
            await db.Collection("deneme").Document("doc").SetAsync(user);

and this is my Firestore Rules;

rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    match /{document=**} {
      allow read, write: if false;
    }
  }
}

I wanted to make some rules that let users write and get only their own Datas.

I'm new to C#

ASh
  • 34,632
  • 9
  • 60
  • 82
AliKales
  • 17
  • 8
  • 2
    Security rules only apply to requests coming from web and mobile apps where Firebase Auth is being used, or the REST API if you provide a Firebase Auth user token. They don't apply to the other SDKs used primarily with backend code. – Doug Stevenson Nov 16 '22 at 17:53
  • Is there any specific error showing? if yes please share – Sachith Wickramaarachchi Nov 16 '22 at 17:55
  • specify ur error and put ur complete code here – Sachith Wickramaarachchi Nov 16 '22 at 18:02
  • @DougStevenson so anyone who decompile my WPF app and get my Firebase API key can steal datas? How should i protect my datas? – AliKales Nov 16 '22 at 18:05
  • @SachithWickramaarachchi there is no problem like you say. What i want is told at the first comment. – AliKales Nov 16 '22 at 18:06
  • 1
    That API key is meant to be in the client app. Read: https://stackoverflow.com/questions/37482366/is-it-safe-to-expose-firebase-apikey-to-the-public – Doug Stevenson Nov 16 '22 at 18:12
  • @DougStevenson thank you but actually i have read this before but i'm still confused. Basically will it be safe to connect my WPF app to firebase and publish my app on the store? – AliKales Nov 16 '22 at 18:15
  • I don't know. I can't see everything you've done. I can tell you that there are thousands of Android, iOS, and web apps all with their API keys visible to the public that are correctly configured to be secure. – Doug Stevenson Nov 16 '22 at 18:18
  • Well actually i use Firebase authentication and for that i need my API keys `FirebaseAuthProvider authProvider = new FirebaseAuthProvider(new FirebaseConfig("AIzaSyBqroqPb2...................."));` So this will be safe in this way? @DougStevenson – AliKales Nov 16 '22 at 18:28

1 Answers1

0

To fix this issue, i have used REST API

AliKales
  • 17
  • 8