Get started with authentication in Mobile Services
This topic shows you how to authenticate users in Windows Azure Mobile Services from your app. In this tutorial, you add authentication to the quickstart project using an identity provider that is supported by Mobile Services. After being successfully authenticated and authorized by Mobile Services, the user ID value is displayed.
This tutorial walks you through these basic steps to enable authentication in your app:
- Register your app for authentication and configure Mobile Services
- Restrict table permissions to authenticated users
- Add authentication to the app
This tutorial is based on the Mobile Services quickstart. You must also first complete the tutorial Get started with Mobile Services.
Completing this tutorial requires Eclipse and Android 4.2 or a later version.
Register your app for authentication and configure Mobile Services
To be able to authenticate users, you must register your app with an identity provider. You must then register the provider-generated client secret with Mobile Services.
-
Log on to the Windows Azure Management Portal, click Mobile Services, and then click your mobile service.
-
Click the Dashboard tab and make a note of the Site URL value.
You may need to provide this value to the identity provider when you register your app.
-
Choose a supported identity provider from the list below and follow the steps to register your app with that provider:
Remember to make a note of the client identity and secret values generated by the provider.
Security Note
The provider-generated secret is an important security credential. Do not share this secret with anyone or distribute it with your app.
-
Back in the Management Portal, click the Identity tab, enter the app identifier and shared secret values obtained from your identity provider, and click Save.
Both your mobile service and your app are now configured to work with your chosen authentication provider.
Restrict permissions to authenticated users
-
In the Management Portal, click the Data tab, and then click the TodoItem table.
-
Click the Permissions tab, set all permissions to Only authenticated users, and then click Save. This will ensure that all operations against the TodoItem table require an authenticated user. This also simplifies the scripts in the next tutorial because they will not have to allow for the possibility of anonymous users.
-
In Eclipse, open the project that you created when you completed the tutorial Get started with Mobile Services.
-
From the Run menu, then click Run to start the app; verify that an unhandled exception with a status code of 401 (Unauthorized) is raised after the app starts.
This happens because the app attempts to access Mobile Services as an unauthenticated user, but the TodoItem table now requires authentication.
Next, you will update the app to authenticate users before requesting resources from the mobile service.
Add authentication to the app
-
In the Package Explorer in Eclipse, open the ToDoActivity.java file and add the following import statements.
import com.microsoft.windowsazure.mobileservices.MobileServiceUser;
import com.microsoft.windowsazure.mobileservices.MobileServiceAuthenticationProvider;
import com.microsoft.windowsazure.mobileservices.UserAuthenticationCallback;
-
Add the following method to the ToDoActivity class:
private void authenticate() {
// Login using the Google provider.
mClient.login(MobileServiceAuthenticationProvider.Google,
new UserAuthenticationCallback() {
@Override
public void onCompleted(MobileServiceUser user,
Exception exception, ServiceFilterResponse response) {
if (exception == null) {
createAndShowDialog(String.format(
"You are now logged in - %1$2s",
user.getUserId()), "Success");
createTable();
} else {
createAndShowDialog("You must log in. Login Required", "Error");
}
}
});
} This creates a new method to handle the authentication process. The user is authenticated by using a Google login. A dialog is displayed which displays the ID of the authenticated user. You cannot proceed without a positive authentication.
Note
If you are using an identity provider other than Google, change the value passed to the login method above to one of the following:MicrosoftAccount,Facebook, orTwitter.
-
In the onCreate method, add the following line of code after the code that instantiates the MobileServiceClient object.
authenticate();
This call starts the authentication process.
-
Move the remaining code after authenticate(); in the onCreate method to a new createTable method, which looks like this:
private void createTable() {
// Get the Mobile Service Table instance to use
mToDoTable = mClient.getTable(ToDoItem.class);
mTextNewToDo = (EditText) findViewById(R.id.textNewToDo);
// Create an adapter to bind the items with the view
mAdapter = new ToDoItemAdapter(this, R.layout.row_list_to_do);
ListView listViewToDo = (ListView) findViewById(R.id.listViewToDo);
listViewToDo.setAdapter(mAdapter);
// Load the items from the Mobile Service
refreshItemsFromTable();
} -
From the Run menu, then click Run to start the app and sign in with your chosen identity provider.
When you are successfully logged-in, the app should run without errors, and you should be able to query Mobile Services and make updates to data.
Next steps
In the next tutorial, Authorize users with scripts, you will take the user ID value provided by Mobile Services based on an authenticated user and use it to filter the data returned by Mobile Services.