Was this page helpful?
Your feedback about this content is important. Let us know what you think.
Additional feedback?
1500 characters remaining
Export (0) Print
Expand All

Permissions

Updated: February 27, 2015

Microsoft Azure Mobile Services enables you to set the following permissions on specific table operations (insert, read, update and delete) and specific custom API request methods (GET, POST, PUT, PATCH, and DELETE):

  • Everyone: This means that any request is accepted. This option leaves the specific resource wide-open for everyone to access.

  • Anybody with the Application Key: The application key is required to access the requested resources.

    securitySecurity Note
    The application key is distributed with the application. Because this key is not securely distributed, it cannot be considered a security token. To secure access to your mobile service data, you must instead authenticate users before accessing.

  • Only Authenticated Users: Only authenticated users are permitted to access the requested resources. Server-side code can be used to further restrict access to tables based on an authenticated user.

  • Only Scripts and Admins: The service master key is required to access the requested resources. This limits access to code running on the service and administrator accounts, which includes the Microsoft Azure Management Portal.

In a JavaScript backend mobile service, these permissions are set in the Management Portal. In a .NET backend mobile service, permissions are set by applying the AuthorizationLevel attribute at either the method or the class level.

For examples of setting permissions for table operations, see Get started with users (Windows Store C# / Windows Store JavaScript / Windows Phone / iOS / Android / HTML). For an example of setting permissions for custom API request methods, see Define a custom API that supports pull notifications (Windows Store C# / Windows Store JavaScript).

Show:
© 2015 Microsoft