Getting Started with User Management

Getting Started with User Management

Telerik Platform provides an out-of-the box user management solution with support for common user operations such as:

  • User registration
  • User authentication and authorization
  • Role management
  • Recovering user accounts (reset password)
  • Linking and unlinking user accounts from social providers or AD FS providers
  • Sending automated emails

In this article you will learn how to create a user account through the Telerik Platform web portal and how to set its permissions. Then you will proceed to integrating user authentication in a native iOS application.

Steps at a glance:

  1. Create a User Account
  2. Verify the Account
  3. Specify What Data the User Can or Cannot Access
  4. Source and Install the SDK
  5. Initialize the Everlive Instance
  6. Log In the User to Your Application
  7. Log Out the User
  8. (Advanced) Persist the Access Token
  9. (Advanced) Check If the User is Logged In

Prerequisites

Create a User Account

After you have the User Management service set up, you can proceed to creating user accounts:

  1. Open you app.
  2. Navigate to Users > Users Browser.
  3. Click the Add a user button. You see the Add a user form:
    Create a user account from the portal
  4. Fill in all the fields, having these things in mind:

    • You will need Username and Password for other user tasks such as integrating user authentication in your application code; write them down or make sure you remember them.
    • You will need to access the provided email mailbox to receive the user's Welcome and Verify Your Account emails.

      Telerik Platform stores the password securely in the database using an irreversible password hash.

      All user accounts are assigned the default role set for your Telerik Platform app. You can manage the default role or add new roles by going to Users → Roles in the left-side navigation.

  5. Click Save when you are ready.

You can also create user accounts programmatically using the approach explained in Registering Users.

Verify the Account

Telerik Platform handles the user verification process for each new user by sending an automated email titled Verify your account featuring a verification link. In addition, the user receives a Welcome email that greets them on behalf of your application.

Go to Users in the left-hand navigation pane and then click Automated Emails to edit the email templates or click Emails Settings to manage other email-related settings.

To verify the user account, log in to the user email account you provided earlier, find the Verify your account message and click the verification link.

This verifies your account. The VERIFIED column for the user in the Users Browser now shows Yes.

Note that both verified and unverified accounts are treated the same unless you implement your own programming logic based on the VERIFIED field.

Verified user account image

Specify What Data the User Can or Cannot Access

After creating the user account, you can proceed to granting or denying it access to various data in your application.

You do that by specifying the content type's permissions model.

  • Choosing the Private model allows authenticated users to read and write only their own data in the respective content type.
  • Choosing the Shared model allows authenticated users to read and write shared data in addition to their own data in the respective content type.
  • Choosing the Role-based model allows you to specify granular permissions for each of the predefined roles. For example you can grant read permissions to users in the Anonymous role but deny them create, update or delete permissions.

Take the following steps to manage role-based permissions through the UI:

  1. Navigate to Data > Permissions.
  2. Locate the content type that you want to manage.
  3. Click the drop-down menu next to the content type name and select Role-based.
  4. Use the check boxes to set granular permissions.
  5. Click the Save button.

To understand how permissions work, assume that you want to give the following permissions on the content type to the following roles:

  • Anonymous (e.g. unauthenticated users) is denied any access
  • Registered (e.g. the default role of the application) can read and create new data, but cannot modify or delete existing data
  • Owner (defaults to who created a given item, can be changed) can read all data items (inherited from Registered) and modify or delete their own items

To achieve this, make sure that:

  • All check boxes for the Anonymous role are cleared
  • The Read and Create boxes for the Registered role are checked and that Update and Delete are cleared
  • All boxes for Owner are checked

The next image shows the result of taking these actions.

Role-based permissions for a content type

You can learn more about roles in Introduction to Roles.

To manage permissions programmatically, see Introduction to Access Control.

Source and Install the SDK

  1. Log in to your Telerik Platform account and click Getting StartedDownloads in the top right corner.
  2. Under Download SDKs & Tools click Backend Services to see a list of available downloads.
  3. Follow the instructions on the page to download a ZIP archive containing the iOS SDK to your local machine.

    Downloads overview image

  4. Unzip the archive and add EverliveSDK.framework to your app.

  5. Add the following statements to reference the SDK:

    #import <EverliveSDK/EverliveSDK.h>
    

    If you are working in a Swift project you need to add a bridging header to your project from Xcode by choosing File → New → File → iOS → Source → Header. Then add the statement above to the header. Register the bridging header under Build SettingsSwift CompilerCode Generation with the relative path to the header, for example "MyBridgingHeader.h".

  6. Set your App ID as a constant in your app's view controller:

    static NSString * const AppId = @"your-app-id";
    
    let AppId:String = "your-app-id";
    

Initialize the Everlive Instance

The Everlive object connects the client app to a Telerik Platform app. Initialize it as follows:

[Everlive setApplicationKey:AppId];
Everlive.setApplicationKey(AppId)

By default all server requests are transmitted over HTTP. To use HTTPS, set the UseHTTPS key to true in your .plist file or in the Custom iOS Target Properties.

Log In the User to Your Application

After initializing the SDK you can start adding code that logs in the user to your application.

The Telerik Platform User Management service implements token-based authentication. After a successful login based on a username and password pair, the user receives an access token from the server. The Windows Phone SDK uses this access token automatically in consequent user requests for server resources for the lifetime of the EverliveApp instance in your application. The provided access token impersonates the request the server and thus the server recognizes the role and the access permissions for the request.

See (Advanced) Persist the Access Token and (Advanced) Check If the User is Logged In for more information about working with access tokens.

In the code below, assign the username and the password for the user that you created earlier as values of the username and the password variables.

NSString *username = @"my-username";
NSString *password = @"my-password";

[EVUser loginWithUsername:username password:password block:^(EVUser *user, NSError *error) {
    if (error == nil) {
        NSLog(@"%@", user.accessToken);
    } else {
        NSLog(@"%@", error.domain);
    }
}];
var username:String = "my-username"
var password:String = "my-password"

EVUser.loginWithUsername(username, password: password) { (user:EVUser!, error:NSError!) -> Void in
    if (error == nil) {
        var accessToken:String = user.accessToken
        var userId:String = user.id
    } else {
        println("Failed to log in the user" + error.domain)
    }
}

After successful authentication the user gets access to any registered users-only data. To operate with this data, add your programming logic in the success handler of the loginWithUsername method. Sample snippets can be found in Getting Started with Data.

Log Out the User

To log the user out of the application, call the SDK's logOut method as shown in the following example. This invalidates the access token for the user on the server and removes any saved data by the SDK about the current user.

[EVUser logOut];
EVUser.logOut()

(Advanced) Persist the Access Token

Often you may want to extend the user session, keeping the user logged in to the application until they choose to log out or the access token expires. The SDK handles this for you behind the scenes. When a user logs in successfully to your app, the data about the current user and the access token of the user are saved in the NSUserDefaults storage. Thus they are persisted between app start-ups and the token is reused until the user logs out.

(Advanced) Check If the User is Logged In

The existence of an access token on the client device does not mean that the user is actually authenticated or logged in. The access token might have expired, the user might delete their account, change their password, or log out. That is why before each business-critical operation of the application you might want to verify the state of the current user.

First, you need to obtain the information about the current user from the SDK using the currentUser method:

NSString *currentUserAccessToken = [[EVUser currentUser] accessToken];
var currentUser:EVUser = EVUser.currentUser();
var currentUserAccessToken:String = currentUser.accessToken

After that you can leverage the SDK's fetchWithAccessToken method to check the token's validity on the server:

[EVUser fetchWithAccessToken:currentUserAccessToken block:^(EVUser *loggedInUser, NSError *error) {
    if (error == nil) {
        NSLog(@"The user %@%@", loggedInUser.username, @" is logged in with a valid access token.");
    } else {
        NSLog(@"The user is not logged in: %@", error.domain);
    }
}];
 EVUser.fetchWithAccessToken(currentUserAccessToken, block: { (loggedInUser:EVUser!, error:NSError!) -> Void in
    if (error == nil) {
        println("The user " + loggedInUser.username + " is logged in with valid access token.")
    } else {
        println("The user is not logged in: " + error.domain)
    }
})

If the user is not logged in, you can redirect them to the login screen.

Next Steps

See Also


Start a free trial Request a demo
Contact us: +1-888-365-2779
sales@telerik.com
Copyright © 2016-2017, Progress Software Corporation and/or its subsidiaries or affiliates. All rights reserved.