Has azure user ids changed their format?

0
votes

Good evening ppl at Microsoft!

I have an Mobile App Service at Microsoft Azure Located at South Central US named CeneamApp.

My backend is configured in a way so that my user can access only the data they capture, by making use of stable user ids.

so I had followed Adrian Hall book to create an a user id (https://adrianhall.github.io/develop-mobile-apps-with-csharp-and-azure/chapter2/authorization/)with the following format sid:{identifier}as described here: (https://github.com/Azure/azure-mobile-apps-net-server/wiki/Understanding-User-Ids).

now all my userid had been changed and my user cant access their previous data capture by them, because somehow the provider or issuer or whatever is going on, doesnt let me retrieve a user id as described by the github project team wiki (in the previous link). so instead i receive a new userid but seem to be a random number:

I'm adding screenshot of the essential part of my code at my backend project which i debugged so i could understand whats going on and my dummy database where you can see an stable_id save on it and the new suppose stable_ids the next two rows.

enter image description here

Debugged code retrieving apparently a new userid from FACEBOOK could you confirm about this change? because I havent been able to understand this change.

enter image description here

Dummy Database with the lost userid and the new ones from other accounts database screenshot

if anyone has information about this odd behavior i would appreciate to enlight me, because this line of code:

principal.Claims.FirstOrDefault(c => c.Type == ClaimTypes.NameIdentifier)?.Value;

used to give me a user id with this format: "sid:{identifier}", now the format is a the screenshot shows.

1
azureauthenticationazure-mobile-servicesuseridazure-authentication
It seems that the sid you get now is stable_sid. And have you set an App Setting of WEBSITE_AUTH_HIDE_DEPRECATED_SID to true in the portal? If you have a stable_sid claim (found using claimsUser.FindFirst("stable_sid")), then you should get ClaimTypes.NameIdentifier claim which is the old-style sid. - Allen Wu
yes I do, the result still the same. I used to get sid:{identifier} before december 22nd, 2019, which is according the documentation the new style for user ids, my app service or backend stop delivering user ids using the format described before. I still ignoring the reason. - Enrique A. Pinelo Novelo

1 Answers

0
votes

Same situation here. About to go live and suddenly this. Interesting that only one Mobile App based in the UK datacenter is affected. Other 2 apps which are in production and plus another Web App are still fine.

The full solution can only be provided by Azure team. But I have a workaround and and idea:

1. Workaround. In the base controller I read and parse the token from the header. The sid is in the subject of the token. The code is simple:

        string _userSid;
        public string UserSid
        {
            get
            {
                if (_userSid == null)
                {
                    KeyValuePair<string, IEnumerable<string>> auth_header = Request.Headers.FirstOrDefault(h => h.Key.Equals("x-zumo-auth", StringComparison.InvariantCultureIgnoreCase));
                    string token = auth_header.Value.FirstOrDefault();
                    if (!string.IsNullOrEmpty(token))
                    {
                        var jwtToken = new JwtSecurityToken(token);
                        if (jwtToken != null)
                        {
                            _userSid = jwtToken.Subject;
                        }
                    }
                }

                return _userSid;
            }
        }

I use it instead of getting this from ClaimPrinciple as per manual. I checked the Mobile App Server code does a very similar thing.

2. Idea. Azure Mobile Apps have this parameter: MobileAppsManagement_EXTENSION_VERSION it is recommended to set to latest. I think if we downgraded it to previous version it would work until Microsoft finds and solves the problem. The only issue is that I do not know and could not find the version number. May be someone knows and can post here?