Azure Mobile App Service APIkey

I created an Azure Mobile App Service which is currently accessible 'Anonymously'

Anonymous access is enabled on the App Service app. Users will not be prompted for login.

To make it secure I can enable App Service Authentication which will ask users to log in

App Service Authentication

But this is not what I want - The data in this app is only accessed by Application without the need of each and every user to login to my app before using it.

So you might say, in this case, Anonymous access is fine but I want to restrict it with something at least like an API Key so I will have access to the API which my app can use to access the data to prevent random requests as anyone can just go and use Postman and start getting data without any authentication.

Anonymous access

API Key

So in short, I don't want individual user authentication, but at least an API Key to ensure only requests made from my app are authenticated and nothing else.

I am using the following in my mobile app to create a connection and also doing Offline sync etc

MobileServiceClient client = new MobileServiceClient(applicationURL);

Any idea how do I do that?

FYI. My server side backend is in C#

1 Answer
1

Since you are using Azure Mobile Apps, for your requirement, you could leverage Custom Authentication for building your CustomAuthController to login and generate the JWT token for a specific user without user interaction. The core code snippet for logging would look like as follow:

CustomAuthController

MobileServiceClient client = new MobileServiceClient("https://{your-mobileapp-name}.azurewebsites.net/"); client.LoginAsync("custom", JObject.FromObject(new{Username="***",Password="***"}));

Note: As the above tutorial mentions as follows:

You must turn on Authentication / Authorization in your App Service. Set the Action to take when request is not authenticated to Allow Request (no action) and do not configure any of the supported authentication providers.

And you must explicitly add [Authorize] attribute for your controllers / actions which need to be authorized access. Details you could follow Authentication in the Backend.

[Authorize]

Hi Bruce, thanks for your reply, I did so much research on this and finally implemented a CustomAuth controller and also restricted the data per-user-based by modifying TableContollers to ensure that the data for the right user is updated and the user is what they claim to be. Works perfect and tested in Postman etc - What I got stuck at is on Mobile side, client.LoginAsync("custom", JObject.FromObject(user)); gives me JSON.NET Error - Should i open a new question for that?
– aliusman
Jul 2 at 3:27

CustomAuth controller

per-user-based

TableContollers

client.LoginAsync("custom", JObject.FromObject(user));

If you have tested via postman about custom authentication, it means that your backend is correct. For JSON.NET Error error, it maybe your client side issue. Have you used fiddler to capture the network traces when sending your custom login request? What is the version of your mobile client SDK?
– Bruce Chen
Jul 2 at 3:34

JSON.NET Error

Yes, Just now I modified my web application and it works fine by sending the authToken for right userID, It was not so enjoyable experience but I would say the server implementation is correct. I haven't used fiddler but in Logcat i get this error cannot access child value on newtonsoft.json.linq.jvalue where JObject is the object i am sending with userid/password
– aliusman
Jul 2 at 3:41

cannot access child value on newtonsoft.json.linq.jvalue

By clicking "Post Your Answer", you acknowledge that you have read our updated terms of service, privacy policy and cookie policy, and that your continued use of the website is subject to these policies.

搜尋此網誌

Gtjkyu