Skip to content
Fetching contributors…
Cannot retrieve contributors at this time
109 lines (71 sloc) 6.39 KB

Azure Chunk Displayer
No macro content available for WYSIWYG editing

Use scripts to authorize users in Mobile Services for iOS

Windows Store / iOS

The iOS client library for Mobile Services is currently under development on GitHub. We welcome feedback on and contributions to this library.

This topic shows you how to use server scripts to authorize authenticated users for accessing data in Windows Azure Mobile Services from an iOS app. In this tutorial you register scripts with Mobile Services to filter queries based on the userId of an authenticated user, ensuring that each user can see only their own data.

This tutorial is based on the Mobile Services quickstart and builds on the previous tutorial Get started with authentication. Before you start this tutorial, you must first complete Get started with authentication.

Register scripts

Because the quickstart app reads and inserts data, you need to register scripts for these operations against the TodoItem table.

  1. Log on to the Windows Azure Management Portal, click Mobile Services, and then click your app.

  2. Click the Data tab, then click the TodoItem table.

  3. Click Script, then select the Insert operation.

  4. Replace the existing script with the following function, and then click Save.

    function insert(item, user, request) {
      item.userId = user.userId;    

    This script adds a userId value to the item, which is the user ID of the authenticated user, before it is inserted into the TodoItem table.


    Dynamic schema must be enabled the first time that this insert script runs. With dynamic schema enabled, Mobile Services automatically adds the userId column to the TodoItem table on the first execution. Dynamic schema is enabled by default for a new mobile service, and it should be disabled before the app is published to the Windows Store.

  5. Repeat steps 3 and 4 to replace the existing Read operation with the following function:

    function read(query, user, request) {
       query.where({ userId: user.userId });    

    This script filters the returned TodoItem objects so that each user only receives the items that they inserted.

Test the app

  1. In Xcode, open the project that you modified when you completed the tutorial Get started with authentication.

  2. Press the Run button to build the project, start the app in the iPhone emulator, then log-on with your chosen identity provider.

    Notice that this time, although there are items already in the TodoItem table from preview tutorials, no items are returned. This happens because previous items were inserted without the userId column and now have null values.

  3. In the app, enter text in Insert a TodoItem and then click Save.

    This inserts both the text and the userId in the TodoItem table in the mobile service. Because the new item has the correct userId value, it is returned by the mobile service and displayed in the second column.

  4. Back in the todoitem table in the Management Portal, click Browse and verify that each newly added item how has an associated userId value.

  5. (Optional) If you have additional login accounts, you can verify that users can only see their own data by closing the app and then running it again. When the login credentials dialog is displayed, enter a different login, and then verify that the items entered under the previous account are not displayed.

Next steps

This concludes the tutorials that demonstrate the basics of working with authentication. Consider finding out more about the following Mobile Services topics:

Something went wrong with that request. Please try again.