Firebase Realtime Database Rules Denied Permission

0
votes

I am registering user using Email/Password Sign-In-Method. So after successfully registration and loge in, I can't read and write my data in Firebase Real Time.

I'm new to Firebase so I can't really figure out what the main problem is or which steps I have missed.

This rule is obviously working fine:

{
       "rules": {
              ".read": "auth == null",
              ".write": "auth == null"
        }
   }

However, this rule is not working, although my user is already registered and has got a UID.

{
       "rules": {
              ".read": "auth != null",
              ".write": "auth != null"
        }
   }

It always shows the following error:

Exception occured while processing the request.
Url: https://App-Name-6ssd2.firebaseio.com/Appointments/-MUAG-CHWBFSv-Vrtsoc/.json?print=silent

Response: {
  "error" : "Permission denied"
}

What I currently want is to allow ANY registered user to read/write everybody's information, but it always denied the permission.

Screenshots:

enter image description here

enter image description here

enter image description here

My implementation for getting Firebase Data. The error is also pointing to the this method.

  public async Task<List<Appointment>> GetUserAppointment(string userId)
        {
            var appointments = (await Firebase.Child("Appointments")
              .OnceAsync<Appointment>()).Where(a => a.Object.UID == userId).Select(item =>
              new Appointment
              {
                  UID = item.Object.UID,
                  AppointmentID = item.Object.AppointmentID,
                  Title = item.Object.Title,
                  Date = item.Object.Date,
                  Time = item.Object.Time,
                  Status = item.Object.Status,
                  ReasonText = item.Object.ReasonText

              }).ToList();
            return appointments;

My implementation when a user SinUp for the first time.

 public async Task<string> SignUpWithEmailAndPassword(string email, string password)
        {
            try
            {
                var signUpTask = await auth.CreateUserWithEmailAndPasswordAsync(email, password);
                var user = signUpTask.User;
                var token = await auth.CurrentUser.GetIdToken(false).AsAsync<GetTokenResult>();

                await SendEmailVerification();

                return token.Token;
            }
            catch (FirebaseAuthInvalidUserException e)
            {
                e.PrintStackTrace();
                return string.Empty;

            }
            catch (FirebaseAuthInvalidCredentialsException e)
            {
                e.PrintStackTrace();
                return string.Empty;

            }
            catch (FirebaseAuthUserCollisionException existEmail)
            {
                existEmail.PrintStackTrace();
                return string.Empty;
            }
        }

In order to check whether a user is authenticated/verified or not, i did the debugging and as a result... I can see the same UID in my console as it is in Firebase -> Authentication -> Users.

Here is the screenshot. enter image description here

Debugging GetUserAppointment(string userID) to check whether the current user is set. enter image description here

1
c#firebase-realtime-databasexamarin.formsfirebase-security
Did you forget to include the actual C# code that produces the error? - Frank van Puffelen
@FrankvanPuffelen Thanks for the response. I have just added the C# Code. You can go and check it! Thanks - Hashmat
How do you know that there is a currently signed in user (which is what your rules are checking)? - Frank van Puffelen
Also note that I doubt that Firebase.Child("Appointments").OnceAsync<Appointment>()).Where(a => a.Object.UID == userId) executes the condition server-side, so I recommend looking into queries here too: firebase.google.com/docs/database/unity/… - Frank van Puffelen
@FrankvanPuffelen I can check whether a user is signed in or not by giving out line following of code: FirebaseAuth auth = FirebaseAuth.Instance; var userId = auth.Uid; After login successfully I can see the exact same UID in my console as it is in Firebase -> Authentication -> Users. - Hashmat

1 Answers

0
votes

It's because you are not authorized to the Database, check the Rules Tab in the Realtime database.

  1. Open firebase, select database on the left hand side.

  2. Now on the right hand side, select Realtime database from the dropdown and change the rules to allow anyone to write the Database

    {

 "rules": {
".read": true,
".write": true
}
}

Your rule is:

{
 "rules": {
".read": "auth != null",
".write":"auth != null"
 }
 }

This means only authorized user's can write and read the Data.