Home > View Post

Setting the auth token in the Mobile Services client and caching the user’s identity (Day 10)

On Day 8, we looked at how you can generate your own ZUMO authentication token. The good news is, if you do want to generate your own tokens (say you want to create a private identity system or integrate with ADFS) then you can still use the Mobile Services client to work with your tables (and logout will still work too!).

All you have to do is manually ‘log the user in’ rather than use the built in login methods. To do this, you just need to set the user object on the Mobile Service client instance, here’s how – in C#, JS and Objective C:

So if you build your own login mechanism, you’re not forced to build your own client. And what’s more, many people want to cache the full identity of their user so they don’t have to login each time the application starts. This is entirely possible now, all you have to do is store the user ID and authentication token locally on the machine*. Next time the app starts, you check the cache and if these values are available, you skip the login flow and rehydrate the client with this data.

Be careful though, the authenticationToken is sensitive data and ideally (depends on the nature of your application and the data it stores), if you store this on the device you should store it encrypted so that should the device get stolen, the bad guy can’t read the value off the disk and use it. Fortunately, Windows and iOS both provide mechanisms to help with this, checkout Windows’ Credential Locker and iOS keychain.

This was day 10 of the twelve days of ZUMO.

Josh Post By Josh Twist
3:22 AM
31 Dec 2012

» Next Post: Handling expired tokens in your application (Day 11)
« Previous Post: Fetching a basic user profile in Mobile Services (Day 9)

Comments are closed for this post.

Posted by Michael Bruyninckx @ 03 Jan 2013 2:13 PM
Is there a reason why this doesn't work on Windows Phone 8 ?
I use the installed DLL (, and it always tells me that this: new MobileServiceUser("Foo:123456789") isn't allowed because there is no such constructor that takes 1 parameter... also MobileService.CurrentUser.MobileServiceAuthenticationToken is an unknown property.
Am I using a wrong DLL ?

Posted by Sanjeev Dwivedi @ 10 Jan 2013 5:46 PM
Brilliant. Absolutely Brilliant. I was struggling with this and Windows 8. If you just copy paste what you have on the page in the accounts insert script that is all that is needed - apart from changing the master key.

To register, just send the username password in the item parameters, and to login, send the username, password and a request parameter "login" flag set to true. I had to struggle to figure out how to do the manual login from Windows 8 JavaScript client, but combine this post with the following post on how to send optional request parameters and you are gold.


This is what worked for me on Win8 JavaScript:

To Register:

.insert({ username: "myuser", password: "mypass" })
.done(function (results) {});

To Login:
.insert({ username: "myuser", password: "mypass" }, {login: true})
.done(function (results) {
client.currentUser = {
userId: results.user.userId,
mobileServiceAuthenticationToken: results.token

© 2005 - 2021 Josh Twist - All Rights Reserved.