Dette indhold er ikke tilgængeligt på dit sprog, men her er den engelske version.

Authorize user


Updated: June 16, 2015

In a JavaScript backend mobile service, server scripts are used to implement authorization rules to make sure that authenticated users can only see their own data or granting additional capabilities to administrators.


To be able to authenticate users, you must register your app with an identity provider. You must then register the provider-generated client secret with Mobile Services. For more information, see Get started with authentication (Windows Store/Windows Phone/iOS/Android/HTML).

The following example sets the owner property of an inserted item based on the userId of an authenticated user.

function insert(item, user, request) {
    item.owner = user.userId;

In a custom API, the user object is obtained from the supplied request object, as in the following GET method.

exports.get = function(request, response) {    
    var currentUser = request.user;
    // Do something with the user ID here…

The following example adds an additional filter to a read operation based on the userId of an authenticated user. This filter restricts the result to only items that belong to the current user.

function read(query, user, request) {
        owner: user.userId

For more information, see the Mobile Services script reference