0
votes

I have the following scenario:

1) Azure Mobile Services API
2) Custom Authentication
3) Web and Xamarin Clients
4) Small test harness (.NET app using MSTest)

With the custom authentication, I can log in from both the browser and the unit test and get back the appropriate userID and token.

Something like this:

    var user = await Connect.MobileClient
        .InvokeApiAsync<LoginRequest, MobileServiceUser>(
            "CustomLogin", new LoginRequest()
            {
                username = username,
                password = password
            });

I then do the following:

    Connect.MobileClient.CurrentUser = user;

Debugging makes it clear that the userId and the MobileServicesAuthenticationToken are correctly set.

When I invoke the POST on my controller, however, I'm getting tossed out with unauthorized after the Initialize method on the controller executes.

A few notes:

1) Everything works swimmingly if I do the POST from the "try this out" (after registering, logging in, and pasting the token value in the X-ZUMO-AUTH header).
2) Likewise, no issue if I remove the [AuthorizeLevel(AuthorizationLevel.User)] from the controller class or method (tried both).

Here is the failing post (from Fiddler):

POST https://anapi.azure-mobile.net/tables/Organization__systemproperties=__createdAt%2C__updatedAt%2C__version%2C__deleted HTTP/1.1
X-ZUMO-FEATURES: TT
X-ZUMO-INSTALLATION-ID: dfddf760-ecef-49cb-8197-2faaaaa11502
X-ZUMO-APPLICATION: aaaaaauJOUyfFjjPmZpobTybtaaaaaa
Accept: application/json
User-Agent: ZUMO/1.3 (lang=Managed; os=Windows; os_version=6.2.0.9200;     arch=Win32NT; version=1.3.30324.0)
X-ZUMO-VERSION: ZUMO/1.3 (lang=Managed; os=Windows; os_version=6.2.0.9200;     arch=Win32NT; version=1.3.30324.0)
Content-Type: application/json; charset=utf-8
Host: anapi.azure-mobile.net
Content-Length: 110
Expect: 100-continue
Accept-Encoding: gzip

{"OrganizationId":0,"Name":"International Bozo, Inc.","Address":"Dallas, Texas","Accounts":null,"Courses":null}

The "try this" HTTP POST includes the X-ZUMO-AUTH header with the appropriate token.

1

1 Answers

1
votes

You need to set the client.currentUser property before calling the client.invokeAPI method (it appears from your question you are doing the other order).

The X-ZUMO-AUTH header is then populated from the user.MobileAuthenticationToken as shown here: https://github.com/Azure/azure-mobile-services/blob/master/sdk/Managed/src/Microsoft.WindowsAzure.MobileServices/Http/MobileServiceHttpClient.cs#L566-L569
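An added example, not part of the original question or answer and not code from the SDK: a diagnostic handler for the test harness that records which outgoing requests leave the client without X-ZUMO-AUTH, so the missing header seen in the Fiddler capture can be asserted on instead of read off a trace. `ZumoAuthProbeHandler`, `ProbeHarness`, the service URL and the application key are hypothetical names and placeholders.

```csharp
using System;
using System.Collections.Concurrent;
using System.Net.Http;
using System.Threading;
using System.Threading.Tasks;
using Microsoft.WindowsAzure.MobileServices;

// Hypothetical diagnostic handler (not part of the SDK): records which outgoing
// requests lack X-ZUMO-AUTH. Only presence is recorded, never the token value.
public sealed class ZumoAuthProbeHandler : DelegatingHandler
{
    private const string AuthHeader = "X-ZUMO-AUTH";

    public readonly ConcurrentQueue<string> MissingAuth = new ConcurrentQueue<string>();

    protected override async Task<HttpResponseMessage> SendAsync(
        HttpRequestMessage request, CancellationToken cancellationToken)
    {
        bool hasToken = request.Headers.Contains(AuthHeader);
        string target = request.Method + " " + request.RequestUri.AbsolutePath;
        if (!hasToken) MissingAuth.Enqueue(target);

        HttpResponseMessage response =
            await base.SendAsync(request, cancellationToken).ConfigureAwait(false);
        Console.WriteLine("{0} -> {1} (X-ZUMO-AUTH present: {2})",
            target, (int)response.StatusCode, hasToken);
        return response;
    }
}

public static class ProbeHarness
{
    // Placeholder URL and application key; substitute the service's own values.
    public static MobileServiceClient CreateClient(ZumoAuthProbeHandler probe)
    {
        return new MobileServiceClient(
            "https://example.azure-mobile.net/", "APPLICATION_KEY_PLACEHOLDER", probe);
    }

    // After login and the table insert, every entry other than the login call
    // itself is a request that reached the service without the user token.
    public static bool OnlyLoginWasAnonymous(ZumoAuthProbeHandler probe, string loginPath)
    {
        foreach (string entry in probe.MissingAuth)
            if (!entry.EndsWith(loginPath, StringComparison.OrdinalIgnoreCase))
                return false;
        return true;
    }
}
```

In the MSTest harness, build the client with `CreateClient`, run the login call, set `CurrentUser`, perform the insert on that same client instance, then assert `ProbeHarness.OnlyLoginWasAnonymous(probe, "/api/CustomLogin")`. A table request listed in `MissingAuth` means the client that sent it had no `CurrentUser` at send time.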