Forum Xamarin Xamarin.Forms

Best practice for authentication flow

Are there any recommended best practices for the flow/handling of authentication in a Xamarin app? Ie not how to do the actuall authentication but rathder how to handle back buttons after logout, sleep/resume, app going to background/foreground and such. And some recommendations on how to implement it.

Have seen some different examples but some seem to be a bit "rough" and relying on modal windows etc.


  • improwiseimprowise Member ✭✭
    edited April 2018

    I notice that the Xamarin Sample uses this method:

        public App ()
            if (!IsUserLoggedIn) {
                MainPage = new NavigationPage (new LoginPage ());
            } else {
                MainPage = new NavigationPage (new LoginNavigation.MainPage ());

    And then something like:

            var isValid = AreCredentialsCorrect (user);
            if (isValid) {
                App.IsUserLoggedIn = true;
                Navigation.InsertPageBefore (new MainPage (), this);
                await Navigation.PopAsync ();

    Based on this:

    Is that the recommended approach? Is there a better/more up to date way of doing it?

    Would like some more meat and bones though but seems a bit dead in here.

  • RHudsonRHudson CAMember ✭✭✭
    edited January 2019

    This is a late answer, but here is my approach:

    I have a WebAPI client service which calls my api running on Azure

    My app uses Azure Blob Storage, which requires SAS keys (Shared Access Signatures)
    The user passes their credentials to a Web API service. If valid, the SAS token is returned with an expiry date.

    I don't bother with that bottom block of code "AreCredentialsCorrect" because when the app starts up you don't yet know if the credentials are correct. It takes time for the server to make that determination and send back an OK.

    You don't want to block the UI. Show the login page immediately. You want App() to finish as quickly as possible.
    XF is already a dog compared to native or flutter. Don't add any more delays with login logic.

    I handle the authentication with an event.

    Finally, I store my SAS token. So if it hasn't expired yet, I skip the login and go straight in.

     public static class APIService
            public static event EventHandler<APIEventArgs> ResponseReceived;     
            public static async void LoginAsync(string id, string password)
                await ... post to web service ...
                //fire response event 
                ResponseReceived?.Invoke(null, new APIEventArgs() { Response = response });
    // custom event arg to pass response
        public class APIEventArgs : EventArgs
            public APIResponse Response { get; set; }
    public class APIResponse
           public bool IsAuthorized {get; set; }
           public string SASKey { get; set; }
           public DateTimeOffset SASExpiry { get; set; }

    In App.xaml.cs I subscribe to the response callback

    public App()
           APIService.ResponseReceived += APIService_ResponseReceived;
            if (sasToken == null) {
                MainPage = new LoginPage ();
             } else {
                MainPage = foo  ( I use FreshMVVM navigation )
     private void APIService_ResponseReceived(object sender, APIEventArgs e)
                if (e.Response.IsAuthorized)
                   AzureService.SASToken = e.Response.SASToken;
                   //good to go - proceed with app pages
                   MainPage = foo  ( I use FreshMVVM navigation )
Sign In or Register to comment.