How to authorize your users with Azure Mobile Services?
Microsoft's Azure Mobile Services (AMS) lets application developers register their app with one or more authentication providers such as Google, Facebook, Twitter, Microsoft Account and Azure Active Directory; you configure those providers by following the guide. That takes care of authentication, i.e. establishing who the user is. In this post I'll explain how to authorize your users with AMS.
The focus of this post is authorization: deciding whether the caller who requests a resource on the server is allowed to access it. The AMS backend learns who is making a request from one of the following request headers:
| Header field name | Header field value | Description |
|---|---|---|
| X-ZUMO-APPLICATION | [App-key] | The application key of the mobile service. A valid application key must be sent when the table operation requires application-level access. This is the default access permission for table operations. |
| X-ZUMO-AUTH | [Auth-token] | The service-generated authentication token for an authenticated user, issued when the user logs in through one of the configured providers. It must be sent when the table operation requires an authenticated user. |
| X-ZUMO-MASTER | [Master-key] | The service master key. Include it only when administrator access is required for the table operation, and never from code that ships inside a client app, since anything embedded in the app can be extracted. |
The application key and the master key can both be found in the Azure portal: select your mobile service and click Manage Keys to view them. The authentication token is different: it is not something you copy from the portal. The service issues it to the client when the user completes a login with one of the configured providers, and the client must send it back in X-ZUMO-AUTH on subsequent requests.
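To make the table concrete, here is an added example (not code from the original post) that builds the raw HTTP requests for each level with HttpClient so the headers are visible. The official client SDK normally adds these headers for you; the service URL, the /api/notes path and the key values are placeholders, and the token is assumed to have come back from a successful login.

```csharp
using System;
using System.Net.Http;
using System.Threading.Tasks;

// Added example: which X-ZUMO-* header each authorization level expects.
// ServiceUrl, ApplicationKey and the paths below are assumptions, not real values.
class ZumoHeadersDemo
{
    const string ServiceUrl = "https://your-service.azure-mobile.net";  // assumed
    const string ApplicationKey = "<application key from Manage Keys>";  // assumed

    // Application level (also sufficient for Anonymous): only the app key travels
    // with the request. It identifies the app, not a person.
    static HttpRequestMessage ApplicationRequest(string path)
    {
        var req = new HttpRequestMessage(HttpMethod.Get, ServiceUrl + path);
        req.Headers.Add("X-ZUMO-APPLICATION", ApplicationKey);
        return req;
    }

    // User level: add the token the service returned from the login endpoint
    // (with the SDK: client.CurrentUser.MobileServiceAuthenticationToken).
    static HttpRequestMessage UserRequest(string path, string authToken)
    {
        var req = ApplicationRequest(path);
        req.Headers.Add("X-ZUMO-AUTH", authToken);
        return req;
    }

    // Admin level: the master key. Only legitimate from a trusted backend or an
    // operator's tool; a master key compiled into a mobile app is effectively public.
    static HttpRequestMessage AdminRequest(string path, string masterKey)
    {
        var req = new HttpRequestMessage(HttpMethod.Get, ServiceUrl + path);
        req.Headers.Add("X-ZUMO-MASTER", masterKey);
        return req;
    }

    static async Task Main()
    {
        using (var http = new HttpClient())
        {
            // Against an endpoint that requires User, this call (no X-ZUMO-AUTH)
            // is rejected with 401; against an Application endpoint it succeeds.
            var resp = await http.SendAsync(ApplicationRequest("/api/notes"));
            Console.WriteLine((int)resp.StatusCode);

            // Same endpoint with a user token (value assumed to come from login).
            resp = await http.SendAsync(UserRequest("/api/notes", "<token from login>"));
            Console.WriteLine((int)resp.StatusCode);
        }
    }
}
```

Sending both X-ZUMO-APPLICATION and X-ZUMO-AUTH on a User-level request mirrors what the SDK does; the application key alone is never enough once an endpoint demands a user.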
To define the authorization level of a server resource, decorate the controller, or an individual action, with the AuthorizeLevel attribute. Its argument is a value of the AuthorizationLevel enum: Anonymous, Application, User or Admin. Anonymous means the controller or action is open to everyone. Application means a request is accepted only when it carries a valid application key in the X-ZUMO-APPLICATION header. Similarly, User requires a valid user token in X-ZUMO-AUTH, and Admin requires the master key in X-ZUMO-MASTER. Keep in mind that User only proves that some authenticated user is calling; if a resource belongs to a particular user, the action itself must still check that the caller is that user.
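As an added example (not the original post's code), two custom API controllers for the AMS .NET backend show the attribute at controller and action level, and the per-user check that the User level does not do for you. The Note type and its in-memory store are assumptions standing in for a real table; the routes follow the backend's default api/{controller}/{id} convention.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web.Http;
using Microsoft.WindowsAzure.Mobile.Service;
using Microsoft.WindowsAzure.Mobile.Service.Security;

// Added example: Note and its store are constructed for illustration only.
public class Note
{
    public string Id { get; set; }
    public string OwnerId { get; set; }   // ServiceUser.Id of the creator, e.g. "Facebook:1001"
    public string Text { get; set; }
}

// GET /api/health: no X-ZUMO-* header required at all.
[AuthorizeLevel(AuthorizationLevel.Anonymous)]
public class HealthController : ApiController
{
    public string Get() => "ok";
}

// Every action in this controller requires a valid token in X-ZUMO-AUTH.
[AuthorizeLevel(AuthorizationLevel.User)]
public class NotesController : ApiController
{
    public ApiServices Services { get; set; }

    // Constructed sample data standing in for a database.
    static readonly List<Note> Store = new List<Note>
    {
        new Note { Id = "1", OwnerId = "Facebook:1001", Text = "alice's note" },
        new Note { Id = "2", OwnerId = "Twitter:2002",  Text = "bob's note" },
    };

    // The backend populates this.User from the X-ZUMO-AUTH token.
    string CallerId => ((ServiceUser)this.User).Id;

    // GET /api/notes: the token proves *a* user is calling, not which notes
    // they own, so the action filters by the caller's identity itself.
    public IEnumerable<Note> Get()
    {
        return Store.Where(n => n.OwnerId == CallerId).ToList();
    }

    // POST /api/notes: never trust an owner id supplied in the request body;
    // derive it from the authenticated identity.
    public Note Post(Note note)
    {
        note.Id = Guid.NewGuid().ToString("N");
        note.OwnerId = CallerId;
        Store.Add(note);
        return note;
    }

    // DELETE /api/notes/{id}: on top of the controller default, this action
    // demands the master key in X-ZUMO-MASTER, so ordinary users get 401.
    [AuthorizeLevel(AuthorizationLevel.Admin)]
    public void Delete(string id)
    {
        Services.Log.Info("admin deleted note " + id);
        Store.RemoveAll(n => n.Id == id);
    }
}
```

The two checks in NotesController are deliberately separate: the attribute gates entry to the action by authorization level, while the OwnerId comparisons implement the per-resource rule that a user can only read their own notes and cannot create notes on someone else's behalf.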
I hope this small post helps someone, since even I was not able to find this out using the official documentation.