Creating a .NET Backend for Mobile Apps

  • Question

  • Okay I've referred to the numerous documentations that set up a .NET backend for a TodoItem example. And I managed to create this:

    public class UserTableController : TableController<UserTable>
    {
        BusinessClass BC = new BusinessClass(); //This is my C# Class Library

        protected override void Initialize(HttpControllerContext controllerContext)
        {
            base.Initialize(controllerContext);
            Eyewer_backendContext context = new Eyewer_backendContext();
            DomainManager = new EntityDomainManager<UserTable>(context, Request, Services);
        }

        [System.Web.Http.AcceptVerbs("GET", "POST")]
        [System.Web.Http.HttpGet]
        public UserClass LoginUser(string email, string password)
        {
            UserClass user = BC.LoginUser(email, password);
            return user;
        }
    }

    This returns me a JSON response such as:

    {"firstName":"SampleLastname","lastName":"SampleFirstname","email":"sample@gmail.com","password":"123","profilePicture":"http://www.corporatetraveller.ca/assets/images/profile-placeholder.gif","settings":{}}

    I'm doing all the Database related work (Login, register, etc) using a C# Class Library that I wrote.

    BUT according to my iOS developer this is not what he needs to implement his iOS App. He needs this in a format such as this:

    [{
       "status": true,
       "message": "Successfully Logged in",
       "values": {
           "email": "user@sample.com",
           "password": "samplepassword",
           "accesstoken": "7h234b7b2j"
         }
    }]

    I have not built a .NET backend for azure from scratch before. How do I change my code such that I can send a JSON response such as the above example? I'm very confused.

    Please point me in the right direction :)


    • Edited by Dinukapj Saturday, July 11, 2015 2:37 PM
    Saturday, July 11, 2015 2:37 PM

Answers

  • You need to enable authentication for your backend service: https://azure.microsoft.com/en-us/documentation/articles/mobile-services-dotnet-backend-ios-get-started-users/


    Wednesday, July 29, 2015 6:40 PM

All replies

  • 1. Please don't store passwords in cleartext on your database. This is how security breaches happen. You should look into using an HMAC to hash the password before storing it. You ideally also use a per user salt to prevent rainbow table attacks.

    2. The data gets sent that way from the Mobile Backend. Data is stored on the backend in a flat table format. In order for Offline Sync to work, it has to be sent this way. If your iOS developer needs it in that format, it's best to transform it on the client side when you retrieve the data. 

    Saturday, July 11, 2015 2:48 PM
  • 1) I'll take that into account and store the passwords in the way you advised, thank you.

    2) The iOS developer warned me about the app crashing in the event of the JSON Response containing a SQL Exception instead of results and thus the app won't be able to figure out what the backend is sending in a scenario such as that. That's why he requested a 'status:true'. 


    • Edited by Dinukapj Saturday, July 11, 2015 4:01 PM
    Saturday, July 11, 2015 4:01 PM
  • Is your iOS developer familiar with our client? We don't talk in pure JSON and our client helps deal with errors.

    Here's an example from our quickstart:

        

    [self.syncTable insert:item completion:^(NSDictionary *result, NSError *error)
    {
        [self logErrorIfNotNil:error];

        [self syncData: ^{
            // Let the caller know that we finished
            if (completion != nil) {
                dispatch_async(dispatch_get_main_queue(), completion);
            }
        }];
    }];

    Notice that if we failed to insert the item, we get an NSError object back. There's no need to complicate the logic of the server because the server/client already have means of dealing with errors like your iOS developer is, rightfully, trying to avoid.


    Saturday, July 11, 2015 4:42 PM
  • Oh superb, I shall inform him about this. One more thing, Chris. The JSON response I exposed in my question is accessible by anyone with the uri. I'm a bit worried that it could be a security breach. Is there any way to allow only client apps to access the response and its data? For example, if I provide you with my backend url with the query string, you'll see all the JSON response data on screen. How can I fill up that concern?

    Saturday, July 11, 2015 7:17 PM
  • You need to enable authentication for your backend service: https://azure.microsoft.com/en-us/documentation/articles/mobile-services-dotnet-backend-ios-get-started-users/


    Wednesday, July 29, 2015 6:40 PM