Adding Roles to MobileServices in Azure (ACS)

Question

I am trying to learn about how to do Roles in ACS. I have a Windows Store App ( not a website :-), and I need Administrator and a Member roles - but finding even very basic documentation or tutorials for something like this is proving very difficult for me.

All I have found are a bunch of references to ASP.NET or Azure Websites stuff - which I can't use, since a Store app is not a Website - and doesn't use ASP.NET.

I have Azure Mobile Services for my Windows Store app. Is there any information that you know of that could be of help?

I'm surprised that Roles don't seem to be covered in the samples/reference/tutorials section anywhere on the Azure website (unless I've missed it - several times).

Take, for example, this scenario. Here, in the Script tab of the Management Portal, I insert some text into the table associated with the currently logged in user (via the insert function):

var SendGrid = require('sendgrid').SendGrid;

function insert(item, user, request) {
        item.userId = user.userId;
        request.execute(
            {
                success: function() {
                    request.respond();

                    // Send email in the background.
                    sendEmail(item);
                }
            }
        );
}

The above code inserts some text into the table and then sends an email to that user. But, how could I adapt this code, so that it would (pseudo code):

if item.text == "administrator"
   then insert userid into admin column
else
   then insert userid into member column

Any help at all will be highly appreciated.

Answer 1

It is not really an answer, but it is also too long for a comment, and I think it is really important.

First of all, when using authentication from the Windows Azure Mobile Services , you are not using Windows Azure Access Control Service . So, there is no Active Directory, there are no (additional) claims when one uses Mobile Services. This must be very clear, because I see continuous misunderstanding and confusion. @Joey still asks for, and refers ACS as federation provider for his application, which is not the case if he relies on the Mobile Services authentication mechanism.

So, the roles assignment must totally be handled by your application logic with additional table as Jim describes.

However roles assignment in general is interesting topic, and really is not part of any tutorial or documentation. And it is not part of such, because Role Assignment is part of business logic of the application itself, not part of the Authentication service. There is very similar question here , which however again does not answer in detail how to assign roles. The foundation and main issue to solve is: How to assign administrator role . Everything else, can be solved by adding appropriate UI for the application administrators. Still, this question is not subject to a short SO answer.