KenanR-1806 asked ScottThomson-2799 commented

Xamarin Forms + Azure AD B2C user + Azure SQL - User data isolation

Hi, first of all I have to point out that I am completely new to Xamarin.Forms and Azure technology.

My goal is to create a mobile app which supports user authentication and offline data sync. Following Microsoft documentation and some guidelines, I created a prototype Xamarin.Forms app which uses Azure AD B2C authentication and Azure App Service. A user can store user-specific data in an Azure SQL database using the UserID as a reference, which I get from AD through claims. When the user is logged in, I can query user-specific data based on that UserID and display it to the user.

User data can contain sensitive information, so I also want to ensure that data is secured and properly isolated per user (users should not be able to see or have access to other users' data in any way).

The question would be:
Is this the proper (standard) way/flow to store user-specific data, and is this a good/secure way to do it? If not, what would I need to do to make the data secure in this case? Can you point me to some documentation and examples?

Thank you

azure-sql-database azure-ad-b2c

This issue is related to Azure security. I found a related article about it: https://docs.microsoft.com/en-us/azure/azure-sql/database/security-overview#network-security. I have also moved the dotnet-xamarinforms tag.


Hello KenanR

Are you still working on your Xamarin app? I am doing a similar project. I have an error I can't get around, though, and I am looking for ideas. I think it might be an issue with my Azure setup. I posted a question under: Error Microsoft.WindowsAzure.MobileServices.Sync.MobileServicePushStatus.CancelledByAuthenticationError

Did you strike any such PushAsync error?

If I can't resolve it, I might try a different approach such as an Azure Functions API, which I read may be the recommended way, but it would be throwing a lot of work out.

Scott


1 Answer

KalyanChanumolu-MSFT answered

@KenanR-1806 Welcome to Microsoft Q&A forums.

You are off to a good start.
Since you already created a web app, it can act as an intermediate to query the database on behalf of the authenticated user.

Microsoft.Identity.Web is the library that helps with authentication scenarios.
Please follow the scenario here to protect your API and restrict it to the authenticated user only.

Do let us know if you have further questions.


If an answer is helpful, please "Accept answer" or "Up-Vote" which might help other community members reading this thread.
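
An added example, not part of the answer above or of any Microsoft sample: one way the web API can act as the intermediary, taking the owner ID only from the validated Azure AD B2C token so that one user can never read or write another user's rows. The `Note` entity, the routes, the `AzureAdB2C` configuration section, the `Sql` connection string name and the presence of an object ID claim in the token are all assumptions.

```csharp
// Program.cs (ASP.NET Core minimal API). Added example; entity, route and
// configuration names are assumptions, not taken from the thread.
using System.Security.Claims;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.EntityFrameworkCore;
using Microsoft.Identity.Web;

var builder = WebApplication.CreateBuilder(args);
// Validate B2C access tokens using settings from the "AzureAdB2C" section.
builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddMicrosoftIdentityWebApi(builder.Configuration, "AzureAdB2C");
builder.Services.AddAuthorization();
builder.Services.AddDbContext<NotesDb>(o =>
    o.UseSqlServer(builder.Configuration.GetConnectionString("Sql")));

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();

// The owner id comes from the validated token, never from the URL or body.
static string? OwnerId(ClaimsPrincipal user) => user.GetObjectId();

app.MapGet("/notes/{id:int}", async (int id, ClaimsPrincipal user, NotesDb db) =>
{
    if (OwnerId(user) is not string owner) return Results.Forbid();
    // Filter on id AND owner: guessing another user's row id yields 404.
    var note = await db.Notes.SingleOrDefaultAsync(n => n.Id == id && n.OwnerId == owner);
    return note is null ? Results.NotFound() : Results.Ok(note);
}).RequireAuthorization();

app.MapPost("/notes", async (NoteInput input, ClaimsPrincipal user, NotesDb db) =>
{
    if (OwnerId(user) is not string owner) return Results.Forbid();
    // The request model has no owner field, so a client cannot set one.
    var note = new Note { OwnerId = owner, Text = input.Text };
    db.Notes.Add(note);
    await db.SaveChangesAsync();
    return Results.Created($"/notes/{note.Id}", note);
}).RequireAuthorization();

app.Run();

record NoteInput(string Text);
class Note { public int Id { get; set; } public string OwnerId { get; set; } = ""; public string Text { get; set; } = ""; }
class NotesDb : DbContext
{
    public NotesDb(DbContextOptions<NotesDb> options) : base(options) { }
    public DbSet<Note> Notes => Set<Note>();
}
```

With this shape the mobile app holds only its own access token and never a database connection string, so every query is scoped on the server side.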
