1
votes

I am in the process of learning the Azure Mobile App possibilities in Azure App Services and have a couple of questions with regard to authentication (and authorization). I use the Azure Mobile App Quickstart to learn the available functionality.

First question: Do I understand it correctly that I can't implement custom authentication using the Microsoft.Azure.Mobile.Server.Login package as described in the section "How to: Use custom authentication for your application" of the article Work with the .NET backend server SDK for Azure Mobile Apps as I want to use the built-in Azure authentication providers (for authentication with Facebook, Google, etc.)? I prefer configuration and using the built-in functionality over custom development when it comes to security ;-)

Second question: I am currently trying to add some custom claims (e.g. a role claim read from an Azure SQL database based on the user's SID) to the users that successfully registered and authenticated in my Azure Mobile App. What is the best way to accomplish that? My idea was to add the claims in the Initialize method of the TableController as follows and then check for the role using the [Authorize(Roles = "Test")] attribute. Is there any reason why not to do it this way?

    protected override void Initialize(HttpControllerContext controllerContext)
    {
        base.Initialize(controllerContext);
        myapptestContext context = new myapptestContext();
        DomainManager = new EntityDomainManager<TodoItem>(context, Request);

        // Attach the role as an extra identity on the current principal.
        var claimsPrincipal = this.User as ClaimsPrincipal;
        if (claimsPrincipal != null) // User may be null or not a ClaimsPrincipal
        {
            ClaimsIdentity ci = new ClaimsIdentity();
            string role = "Test"; // get role from Azure SQL database based on user's SID
            ci.AddClaim(new Claim(ClaimTypes.Role, role));
            claimsPrincipal.AddIdentity(ci);
        }
    }

2 Answers

3
votes

If you intend to use the built-in authentication providers, then you don't need to use the Microsoft.Azure.Mobile.Server.Login package. The built-in providers (AAD, Facebook, Google, Twitter, MSA) will take care of all the details for you.

As far as custom claims go, I don't have any specific guidance. You could put it in the controller initialization, or you could add a piece of custom middleware which injects it, or even a callback in Global.asax. Whatever works best for you and your app.

0
votes

There is a good article describing how to add custom claims to the Identity by using a custom token handler. In the handler the roles for the user are added as claims.

See here: https://blogs.perficient.com/microsoft/2016/05/how-to-add-custom-claims-to-azure-mobile-app-authentication/
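
The role-enrichment step discussed in the question and answers, as an added example that is not code from the original post, either answer, or the linked article. It shows how an extra role identity affects `ClaimsPrincipal.IsInRole`, the check that `[Authorize(Roles = "Test")]` relies on, and fails closed for anonymous or unknown users. `RoleEnricher`, `RoleStore`, the SID values and the `"facebook"` authentication type are hypothetical, constructed stand-ins; the in-memory dictionary replaces the Azure SQL lookup, and the SID is assumed to arrive as the `NameIdentifier` claim.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;

static class RoleEnricher
{
    // Constructed sample data standing in for the Azure SQL role table (SID -> roles).
    static readonly Dictionary<string, string[]> RoleStore = new Dictionary<string, string[]>
        { { "sid:constructed-user-1", new[] { "Test" } } };

    // Hypothetical helper; callable from Initialize, middleware or a token handler.
    public static void AddRoles(ClaimsPrincipal principal)
    {
        // Fail closed: never attach roles to a missing or unauthenticated principal.
        if (principal == null || principal.Identity == null || !principal.Identity.IsAuthenticated)
            return;
        // Assumption: the provider-issued SID is carried in the NameIdentifier claim.
        var sid = principal.FindFirst(ClaimTypes.NameIdentifier)?.Value;
        string[] roles;
        if (sid == null || !RoleStore.TryGetValue(sid, out roles))
            return; // unknown user gets no roles
        // Idempotent: only add roles the principal does not already hold.
        var missing = roles.Where(r => !principal.IsInRole(r))
                           .Select(r => new Claim(ClaimTypes.Role, r)).ToList();
        if (missing.Count > 0)
            principal.AddIdentity(new ClaimsIdentity(missing));
    }
}

static class Program
{
    // Builds an authenticated principal the way a sign-in would (constructed input).
    static ClaimsPrincipal SignedIn(string sid) =>
        new ClaimsPrincipal(new ClaimsIdentity(
            new[] { new Claim(ClaimTypes.NameIdentifier, sid) }, "facebook"));

    static void Main()
    {
        var known = SignedIn("sid:constructed-user-1");
        var unknown = SignedIn("sid:constructed-user-2");
        var anonymous = new ClaimsPrincipal(new ClaimsIdentity());
        foreach (var p in new[] { known, unknown, anonymous })
            RoleEnricher.AddRoles(p);

        Console.WriteLine("known user in Test:   " + known.IsInRole("Test"));
        Console.WriteLine("unknown user in Test: " + unknown.IsInRole("Test"));
        Console.WriteLine("anonymous in Test:    " + anonymous.IsInRole("Test"));
    }
}
```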