Getting Started with User Management

Getting Started with User Management

Telerik Platform provide an out-of-the box user management solution with support for common user operations such as:

  • User registration
  • User authentication and authorization
  • Role management
  • Recovering user accounts (reset password)
  • Linking and unlinking user accounts from social providers or AD FS providers
  • Sending automated emails

In this article you will learn how to create a user account through the Telerik Platform web portal and how to set its permissions. Then you will proceed to integrating user authentication in a native Windows Phone application.

Steps at a glance:

  1. Create a User Account
  2. Verify the Account
  3. Specify What Data the User Can or Cannot Access
  4. Source and Install the SDK
  5. Initialize the Everlive Instance
  6. Log In the User to Your Application
  7. Connect to Data
  8. Log Out the User
  9. (Advanced) Persist the Access Token
  10. (Advanced) Check If the User is Logged In

Prerequisites

  • A Telerik Platform account.
  • A content type created in your Telerik Platform app structured as described in Getting Started with Data. The App ID for your Telerik Platform app. You can access it from Settings.
  • A .NET Framework version that supports Task-based Asynchronous Pattern (TAP) programming with async and await. Learn more in Asynchronous Execution.

Create a User Account

After you have the User Management service set up, you can proceed to creating user accounts:

  1. Open you app.
  2. Navigate to Users > Users Browser.
  3. Click the Add a user button. You see the Add a user form:
    Create a user account from the portal
  4. Fill in all the fields, having these things in mind:

    • You will need Username and Password for other user tasks such as integrating user authentication in your application code; write them down or make sure you remember them.
    • You will need to access the provided email mailbox to receive the user's Welcome and Verify Your Account emails.

      Telerik Platform stores the password securely in the database using an irreversible password hash.

      All user accounts are assigned the default role set for your Telerik Platform app. You can manage the default role or add new roles by going to Users → Roles in the left-side navigation.

  5. Click Save when you are ready.

You can also create user accounts programmatically using the approach explained in Registering Users.

Verify the Account

Telerik Platform handles the user verification process for each new user by sending an automated email titled Verify your account featuring a verification link. In addition, the user receives a Welcome email that greets them on behalf of your application.

Go to Users in the left-hand navigation pane and then click Automated Emails to edit the email templates or click Emails Settings to manage other email-related settings.

To verify the user account, log in to the user email account you provided earlier, find the Verify your account message and click the verification link.

This verifies your account. The VERIFIED column for the user in the Users Browser now shows Yes.

Note that both verified and unverified accounts are treated the same unless you implement your own programming logic based on the VERIFIED field.

Verified user account image

Specify What Data the User Can or Cannot Access

After creating the user account, you can proceed to granting or denying it access to various data in your application.

You do that by specifying the content type's permissions model.

  • Choosing the Private model allows authenticated users to read and write only their own data in the respective content type.
  • Choosing the Shared model allows authenticated users to read and write shared data in addition to their own data in the respective content type.
  • Choosing the Role-based model allows you to specify granular permissions for each of the predefined roles. For example you can grant read permissions to users in the Anonymous role but deny them create, update or delete permissions.

Take the following steps to manage role-based permissions through the UI:

  1. Navigate to Data > Permissions.
  2. Locate the content type that you want to manage.
  3. Click the drop-down menu next to the content type name and select Role-based.
  4. Use the check boxes to set granular permissions.
  5. Click the Save button.

To understand how permissions work, assume that you want to give the following permissions on the content type to the following roles:

  • Anonymous (e.g. unauthenticated users) is denied any access
  • Registered (e.g. the default role of the application) can read and create new data, but cannot modify or delete existing data
  • Owner (defaults to who created a given item, can be changed) can read all data items (inherited from Registered) and modify or delete their own items

To achieve this, make sure that:

  • All check boxes for the Anonymous role are cleared
  • The Read and Create boxes for the Registered role are checked and that Update and Delete are cleared
  • All boxes for Owner are checked

The next image shows the result of taking these actions.

Role-based permissions for a content type

You can learn more about roles in Introduction to Roles.

To manage permissions programmatically, see Introduction to Access Control.

Source and Install the SDK

The first step of integrating User Management in your app is obtaining and installing the .NET SDK.

  1. Log in to your Telerik Platform account and click Getting StartedDownloads in the top right corner.
  2. Under Download SDKs & Tools click Backend Services to see a list of available downloads.
  3. Follow the instructions on the page to download a ZIP archive containing the .NET SDK to your local machine.

    Downloads overview image

  4. Unzip the archive and reference the .dll SDK file in your app.

  5. Add the following statements to reference the required namespaces from the SDK:
using Telerik.Everlive.Sdk.Core.Model.System;
using Telerik.Everlive.Sdk.Core;
Imports Telerik.Everlive.Sdk.Core.Model.System
Imports Telerik.Everlive.Sdk.Core

Initialize the Everlive Instance

The Everlive object connects the client app to its Telerik Platform backend. To initialize it and to specify your App ID value, add these literals as fields of your page class:

private const string AppId = "your-app-id";
//set UseHttps = false to use HTTP
private static EverliveAppSettings appSettings = new EverliveAppSettings() { AppId = AppId, UseHttps = true };
private static EverliveApp app = new EverliveApp(appSettings);
Private Const AppId As String = "your-app-id"
Private Shared appSettings As New EverliveAppSettings() With { _
    Key .AppId = AppId, _
    Key .UseHttps = True _ 'set to false to use HTTP
}
Private Shared app As New EverliveApp(appSettings)

All of the snippets below use the asynchronous methods exposed by the Backend Services Windows Phone SDK. You can read more about the different synchronous and asynchronous flavors of the SDK in Asynchronous Execution.

Log In the User to Your Application

After initializing the SDK you can start adding code that logs in the user to your application.

The Telerik Platform User Management service implements token-based authentication. After a successful login based on a username and password pair, the user receives an access token from the server. The Windows Phone SDK uses this access token automatically in consequent user requests for server resources for the lifetime of the EverliveApp instance in your application. The provided access token impersonates the request the server and thus the server recognizes the role and the access permissions for the request.

See (Advanced) Persist the Access Token and (Advanced) Check If the User is Logged In for more information about working with access tokens.

In the code below, assign the username and the password for the user you created earlier as values of the username and the password variables.

var username = "my-username";
var password = "my-password";

var loginResult = await app.WorkWith().Authentication().Login(username, password).ExecuteAsync();
var accessToken = loginResult.Token;
var tokenType = loginResult.TokenType;
Dim username = "my-username"
Dim password = "my-password"

Dim loginResult = Await app.WorkWith().Authentication().Login(username, password).ExecuteAsync()
Dim accessToken = loginResult.Token
Dim tokenType = loginResult.TokenType

Connect to Data

If you set your content type's permissions as suggested above, anonymous requests to the content type will be forbidden. This means that you will receive an Access Denied error with a 403 HTTP status code.

After you have a logged in user in your app, you can now perform operations on the data that are denied for anonymous users. To test this, use the code snippets from Getting Started with Data

Log Out the User

To log the user out of the application, call the SDK's logout method like in the following example. This invalidates the access token for the user on the server.

bool isLoggedOut = await app.WorkWith().Authentication().Logout().ExecuteAsync();
Dim isLoggedOut As Boolean = Await app.WorkWith().Authentication().Logout().ExecuteAsync()

(Advanced) Persist the Access Token

Often you may want to extend the user session, keeping the user logged in to the application until they choose to log out or the access token expires. To do this you need to do it manually. For instance, when a user logs in successfully to your app, save the token type and the access token in the Windows Phone IsolatedStorage. When you have the access token saved locally, you may assign it to the EverliveApp instance for further use and with specifying the type of the token (usually "bearer").

 app.AccessToken.Token = accessToken;
 app.AccessToken.TokenType = tokenType;
app.AccessToken.Token = accessToken
app.AccessToken.TokenType = tokenType

(Advanced) Check If the User is Logged In

The existence of an access token on the client device does not mean that the bearer of this access token is actually authenticated or logged in. The access token might have expired, the user might delete their account, change their password, or log out. That is why before each business-critical operation of the application you might want to verify the state of the current user.

First, you need to obtain the information about the current user from the SDK which can be obtained by the GetMe method.

User currentUser = await app.WorkWith().Users().GetMe().ExecuteAsync();
Dim currentUser As User = Await app.WorkWith().Users().GetMe().ExecuteAsync()

For instance, if the user is not logged in, you can redirect the user to the login screen.

Next Steps

See Also

Start a free trial Request a demo
Contact us: +1-888-365-2779
sales@telerik.com
Copyright © 2016-2017, Progress Software Corporation and/or its subsidiaries or affiliates. All rights reserved.