I’m new to Xamarin and trying to figure out how authentication works. I looked into Azure Mobile Service and it seems they have identity providers (Google, Twitter, Microsoft, etc.). I have a web app built using ASP.NET MVC 5. It uses the ASP.NET Identity framework. At this time we only care about form-based authentication, so authentication via Twitter/Google etc. isn’t supported.
Now I’m planning to build a mobile application using Xamarin. I thought I would build a REST API so my Xamarin app can talk to the service. My question is how to take care of authentication. Also, I would like to persist authentication even if the user restarts his device. I think Azure Mobile Service doesn’t fit my scenario, but I’m not too sure. I would really appreciate some help here. Thanks!
2 Answers
Have the server generate a token for each user. Return that token when you try to log in or authenticate with the server. Store the token in the settings for the device. Every subsequent call should pass that token in the header of the HTTP request.
The short version is that form-based authentication is for web sites. You need to create a WebAPI that can be used. This is “custom authentication” and is documented here: https://azure.microsoft.com/en-us/documentation/articles/app-service-mobile-dotnet-backend-how-to-use-server-sdk/#custom-auth
You create a WebAPI that takes the username and password that would have been passed into the Forms auth, does the auth check and produces a JSON Web Token (JWT) that encapsulates the authentication information.
Your Mobile App then submits that JWT as authorization for each subsequent API call. That way you can use Azure Mobile Apps for the table controllers / access for mobile apps and still use the same authentication scheme.
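The flow both answers describe, seen from the Xamarin client, as an added example that is not part of the original thread: log in once, persist the token across restarts, and send it in the `Authorization` header on every call. The host, the `api/login` endpoint, the `{ "token": ... }` response shape and the storage key are assumptions; the token is kept in Xamarin.Essentials `SecureStorage` (Keychain/Keystore backed) rather than plain app settings, and JSON handling uses Newtonsoft.Json.

```csharp
using System;
using System.Net;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Text;
using System.Threading.Tasks;
using Newtonsoft.Json;
using Newtonsoft.Json.Linq;
using Xamarin.Essentials;

public class ApiSession
{
    const string TokenKey = "api_token";                       // hypothetical storage key
    readonly HttpClient _http = new HttpClient {
        BaseAddress = new Uri("https://api.example.com/") };   // placeholder host, HTTPS only

    // Exchange credentials for a token once; the password itself is never stored.
    public async Task<bool> LoginAsync(string user, string password)
    {
        var json = JsonConvert.SerializeObject(new { username = user, password });
        var resp = await _http.PostAsync("api/login",          // hypothetical endpoint
            new StringContent(json, Encoding.UTF8, "application/json"));
        if (!resp.IsSuccessStatusCode) return false;

        // Assumed response shape: { "token": "<JWT>" }
        var token = JObject.Parse(await resp.Content.ReadAsStringAsync()).Value<string>("token");
        if (string.IsNullOrEmpty(token)) return false;
        await SecureStorage.SetAsync(TokenKey, token);         // survives app and device restarts
        return true;
    }

    // Send a GET with the stored token attached as a Bearer credential.
    public async Task<HttpResponseMessage> GetAsync(string path)
    {
        var token = await SecureStorage.GetAsync(TokenKey);
        if (token == null) throw new InvalidOperationException("Not logged in");

        var req = new HttpRequestMessage(HttpMethod.Get, path);
        req.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token);
        var resp = await _http.SendAsync(req);

        // Expired or revoked token: drop it so the app falls back to the login screen.
        if (resp.StatusCode == HttpStatusCode.Unauthorized)
            SecureStorage.Remove(TokenKey);
        return resp;
    }

    public void Logout() => SecureStorage.Remove(TokenKey);
}
```

The server still has to verify the token's signature and expiry on every request; the client only stores and forwards it.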