Xamarin Forms + Azure AD B2C user + Azure SQL - User data isolation

Kenan_R 1 Reputation point
2021-05-24T05:59:59.54+00:00

Hi, first of all I have to point out that I am completely new to Xamarin.Forms and Azure technology.

My goal is to create a mobile app which supports user authentication and offline data sync. Following Microsoft documentation and some guidelines, I created a prototype Xamarin.Forms app which uses Azure AD B2C authentication and Azure App Service. A user can store user-specific data in an Azure SQL database using the UserID as a reference, which I get from AD through claims. When the user is logged in, I can query user-specific data based on that UserID and display it to the user.

User data can contain sensitive information, so I also want to ensure that the data is secured and properly isolated per user (users should not be able to see or have access to other users' data in any way).

Question would be:
Is this the proper (standard) way/flow to store user-specific data, and is this a good/secure way to do it? If not, what would I need to do to make the data secure in this case? Can you point me to some documentation and examples?

Thank you


1 answer

  1. KalyanChanumolu-MSFT 8,316 Reputation points
    2021-05-25T13:29:06.4+00:00

    @Kenan_R Welcome to Microsoft Q&A forums.

    You are off to a good start.
    Since you already created a web app, it can act as an intermediary to query the database on behalf of the authenticated user.

    Microsoft.Identity.Web is the library that helps with authentication scenarios.
    Please follow the scenario here to protect your API and restrict it to the authenticated user only.

    Do let us know if you have further questions.

    ----------

    If an answer is helpful, please "Accept answer" or "Up-Vote" which might help other community members reading this thread.

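An added example, not code from the thread or from Microsoft's samples, of how the intermediate web API described in the answer can enforce per-user isolation: the user ID is read from the validated token and every query is scoped to it. The `NotesController` class, the `Notes` table with its `Id`, `UserId` and `Body` columns, and the `Sql` connection string name are hypothetical. It assumes the B2C user flow emits the object ID claim and that `AddMicrosoftIdentityWebApi(Configuration, "AzureAdB2C")` is registered at startup.

```csharp
using System.Data;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Data.SqlClient;
using Microsoft.Extensions.Configuration;
using Microsoft.Identity.Web;

[Authorize]                 // requests without a valid B2C access token get 401
[ApiController]
[Route("api/notes")]        // hypothetical route
public class NotesController : ControllerBase
{
    private readonly string _connectionString;

    public NotesController(IConfiguration config) =>
        _connectionString = config.GetConnectionString("Sql"); // hypothetical name

    [HttpGet("{id:int}")]
    public async Task<ActionResult<string>> GetNote(int id)
    {
        // Identity comes from the validated token only. The API never accepts
        // a user id from the route, query string, body or a custom header.
        string userId = User.GetObjectId();
        if (string.IsNullOrEmpty(userId))
            return Forbid();

        using var conn = new SqlConnection(_connectionString);
        await conn.OpenAsync();

        // The ownership check is part of the query itself: a row that belongs
        // to another user is indistinguishable from a row that does not exist.
        using var cmd = new SqlCommand(
            "SELECT Body FROM Notes WHERE Id = @id AND UserId = @userId", conn);
        cmd.Parameters.Add("@id", SqlDbType.Int).Value = id;
        cmd.Parameters.Add("@userId", SqlDbType.NVarChar, 64).Value = userId;

        object body = await cmd.ExecuteScalarAsync();
        if (body == null || body == System.DBNull.Value)
            return NotFound();

        return (string)body;
    }
}
```

With this design the mobile app holds no database credentials; it sends only its access token, and the same `UserId` filter applies to every read, update and delete the API exposes.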