SALES: 1-800-867-1380
1 out of 1 rated this helpful - Rate this topic

Permissions

Updated: April 2, 2014

Windows Azure Mobile Services enables you to set the following permissions on specific table operations (insert, read, update and delete) and specific custom API request methods (GET, POST, PUT, PATCH, and DELETE):

  • Everyone: This means that any request is accepted. This option leaves the specific resource wide-open for everyone to access.

  • Anybody with the Application Key: The application key is required to access the requested resources.

    securitySecurity Note
    The application key is distributed with the application. Because this key is not securely distributed, it cannot be considered a security token. To secure access to your mobile service data, you must instead authenticate users before accessing.

  • Only Authenticated Users: Only authenticated users are permitted to access the requested resources. Server-side code can be used to further restrict access to tables based on an authenticated user.

  • Only Scripts and Admins: The service master key is required to access the requested resources. This limits access to code running on the service and administrator accounts, which includes the Windows Azure Management Portal.

In a JavaScript backend mobile service, these permissions are set in the Management Portal. In a .NET backend mobile service, permissions are set by applying the AuthorizationLevel attribute at either the method or the class level.

For examples of setting permissions for table operations, see Get started with users (Windows Store C# / Windows Store JavaScript / Windows Phone / iOS / Android / HTML). For an example of setting permissions for custom API request methods, see Define a custom API that supports pull notifications (Windows Store C# / Windows Store JavaScript).

Did you find this helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft. All rights reserved.