No macro content available for WYSIWYG editing
Language: C# and XAML
This topic shows you how to use server scripts to authorize authenticated users for accessing data in Windows Azure Mobile Services from a Windows Store app. In this tutorial you register scripts with Mobile Services to filter queries based on the userId of an authenticated user, ensuring that each user can see only their own data.
This tutorial is based on the Mobile Services quickstart and builds on the previous tutorial Get started with authentication. Before you start this tutorial, you must first complete Get started with authentication.
Because the quickstart app reads and inserts data, you need to register scripts for these operations against the TodoItem table.
-
Log on to the Windows Azure Management Portal, click Mobile Services, and then click your app.
-
Click the Data tab, then click the TodoItem table.
-
Click Script, then select the Insert operation.
-
Replace the existing script with the following function, and then click Save.
function insert(item, user, request) { item.userId = user.userId; request.execute(); }This script adds a userId value to the item, which is the user ID of the authenticated user, before it is inserted into the TodoItem table.
NoteDynamic schema must be enabled the first time that this insert script runs. With dynamic schema enabled, Mobile Services automatically adds the userId column to the TodoItem table on the first execution. Dynamic schema is enabled by default for a new mobile service, and it should be disabled before the app is published to the Windows Store.
-
Repeat steps 3 and 4 to replace the existing Read operation with the following function:
function read(query, user, request) { query.where({ userId: user.userId }); request.execute(); }This script filters the returned TodoItem objects so that each user only receives the items that they inserted.
-
In Visual Studio 2012 Express for Windows 8, open the project that you modified when you completed the tutorial Get started with authentication.
-
Press the F5 key to run the app and sign into Live Connect with your Microsoft Account.
Notice that this time, although there are items already in the TodoItem table from preview tutorials, no items are returned. This happens because previous items were inserted without the userId column and now have null values.
-
In the app, enter text in Insert a TodoItem and then click Save.
This inserts both the text and the userId in the TodoItem table in the mobile service. Because the new item has the correct userId value, it is returned by the mobile service and displayed in the second column.
-
Back in the todoitem table in the Management Portal, click Browse and verify that each newly added item how has an associated userId value.
-
(Optional) If you have an additional Microsoft Account, you can verify that users can only see their own data by closing the app (Alt+F4) and then running it again. When the login credentials dialog is displayed, enter a different Microsoft account, and then verify that the items entered under the previous account are not displayed.
This concludes the tutorials that demonstrate the basics of working with authentication. Consider finding out more about the following Mobile Services topics:
-
Get started with data
Learn more about storing and querying data using Mobile Services. -
Get started with push notifications
Learn how to send a very basic push notification to your app. -
Mobile Services server script reference
Learn more about registering and using server scripts.