Offline Login System....

Hi Folks,

I am pretty new to Xamarin although have built one app that uses SQLite, it stores a hashed password which it uses for offline login. There are also web services calls which interact with our MS-SQL database for resetting and synching other data.

This time I am going to try using Azure Mobile App and have everything in the cloud. The requirements for this project need information to be synched pretty much on the go - it is a delivery app and I just think the built in functionality of Azure/cloud database hosting are going to save me a lot of time (and it just works)!

Here is the scenario - in the morning the driver logs into the system (will always have wifi first thing), deliveries for the day sync to the phone using the MobileServiceSQLiteStore. Great I hear you say.

Logging in is no problem when the driver has signal but they still need to be able to sign in to continue with deliveries when offline. Has anyone got any recommendations?

I have been looking into Azure AD but think it may be overkill. Not sure if it is possible just to pull a single record from Azure of the driver down in the morning and store on the phone for checking throughout the day and purge this when signing off or will it pull the whole staff table down?

All help is greatly appreciated, seems like it should be easier to do than I am making it out.

Thanks,

Posts

  • Nadjib_Bait DZ Member ✭✭✭✭
    edited June 2018

    You need to store an Access Token, not a password hash. Then you use that Access Token as authentication mechanism, which will get sent with the sync request once the user is online...

    So the flow is like this:
    1. User logs in when he's online. He gets an access token from your server. You store it.
    2. Guy gets offline, he does his delivery, you don't need the access token since you're updating the local db (no authentication needed).
    3. Guy finishes his work. Gets online, the app starts the sync process (it sends the access token with each sync request as a header). The server authenticates the user from his access token, and does the sync.

  • Nadjib_Bait DZ Member ✭✭✭✭

    Check this article on how to implement access token (JWT) in an Azure Mobile App: https://www.newventuresoftware.com/blog/custom-authentication-with-azure-mobile-apps

  • nialmcshane Member ✭✭

    Thanks for your response nadjib,

    Had a read through the example. One other thing, if the app sleeps or the user opens it back up again I would like the login screen to ask for them to confirm credentials again.

    Do I perform the check on the token by storing the username and password and decrypting? This is why I thought I would have to store the username/password in a local db.

    Thanks,

  • JohnHardman GB University mod

    @nialmcshane said:
    One other thing, if the app sleeps or the user opens it back up again I would like the login screen to ask for them to confirm credentials again.

    If the user is prompted for credentials every time the app is restored, the users will discard the app pretty quickly. You will almost certainly want a specified period in which the user can switch to another app and then return again without having to re-enter credentials.

  • nialmcshane Member ✭✭
    Hi John,

    This is a custom mobile app for a specific client so it would be important for security that it can't be accessed by others who may have access to the phone.

    If it was an app going out for general release then I wouldn't be so worried.

    The app will also only download/sync deliveries specific to the driver that logs in.

    Thanks
  • Nadjib_Bait DZ Member ✭✭✭✭
    edited June 2018

    In that case you can store the password hash in your local db just for offline app login, then you will use the access token as described, just don't forget to update the local password hash if the user changes his password. Or enter the 21st century and do a fingerprint scan, no password needed at all!

  • Nadjib_Bait DZ Member ✭✭✭✭

    Also don't encrypt password, hash it.
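
The offline check suggested in the replies above, as an added example that is not code from any poster in this thread: a salted PBKDF2 hash is enrolled after a successful online login and verified locally, with an expiry that forces a fresh online login. The class name, record format, iteration count and expiry field are assumptions.

```csharp
using System;
using System.Security.Cryptography;

// Added example: names and record format are hypothetical, not from the thread.
public static class OfflineLogin
{
    // Assumed sizes and work factor; tune the iteration count for the target devices.
    const int SaltBytes = 16, HashBytes = 32, Iterations = 210_000;

    // Call after a successful ONLINE login and persist the returned string locally.
    // Format: iterations:expiryUtcTicks:salt(base64):hash(base64)
    public static string Enroll(string password, DateTime expiresUtc)
    {
        var salt = new byte[SaltBytes];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(salt);
        byte[] hash = Derive(password, salt, Iterations);
        return string.Join(":", Iterations, expiresUtc.Ticks,
            Convert.ToBase64String(salt), Convert.ToBase64String(hash));
    }

    // Offline check: false for a wrong password or an expired or malformed record.
    public static bool Verify(string password, string record, DateTime nowUtc)
    {
        var parts = (record ?? "").Split(':');
        if (parts.Length != 4
            || !int.TryParse(parts[0], out int iterations) || iterations <= 0
            || !long.TryParse(parts[1], out long expiryTicks)) return false;
        if (nowUtc.Ticks > expiryTicks) return false; // expired: require online login
        try
        {
            byte[] salt = Convert.FromBase64String(parts[2]);
            byte[] expected = Convert.FromBase64String(parts[3]);
            if (salt.Length < 8) return false; // Rfc2898DeriveBytes rejects shorter salts
            return FixedTimeEquals(Derive(password, salt, iterations), expected);
        }
        catch (FormatException) { return false; }
    }

    static byte[] Derive(string password, byte[] salt, int iterations)
    {
        using (var kdf = new Rfc2898DeriveBytes(password, salt, iterations, HashAlgorithmName.SHA256))
            return kdf.GetBytes(HashBytes);
    }

    // Compare every byte so the result does not depend on where the first mismatch is.
    static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}
```

Delete the stored record on sign-off and call `Enroll` again after a password change, as discussed in the thread; the expiry check trusts the device clock.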

  • nialmcshane Member ✭✭

    Ok guys, here's what I'm thinking.....

    I followed this post and was able to get the Azure B2C login working (https://blog.xamarin.com/authenticating-mobile-apps-with-azure-active-directory-b2c/) with the web viewer, so I investigated further and there is a way to send across a username and password and get it to return a token, although it is in preview mode with Azure - https://docs.microsoft.com/en-us/azure/active-directory-b2c/configure-ropc.

    I have this request working and returning the token with the expiration.

    What is the best way for me to store this token and to query it - I am now thinking that when a driver completes his delivery run and logs out that next time I will ask them to login and create a new token.

    Again sorry for my basic knowledge but want to jump in at the deep end!

    Thanks,
