Setting up Application Security

Authorization

To log a user in, you need to send an HTTP request directly to the back-end API. Let’s consider a simple view that contains login and password input fields and a Login button.

To create log-in logic, specify a handler for the button’s OnClick event.

In the handler’s body, add the Send Request operator to address the URI responsible for authorization. An example of such a request is shown below.

Login Request Example

Here a POST request is sent to https://xenarius-auth-demo.azurewebsites.net/Token with the login and password transmitted in the request body.

If the request does not run into an error, the $global.authenticated property is set to true. This property is available in every Xenarius project. If your project supports authentication, be certain to set it to true on login and to false on logout. This step is necessary so that the built-in Xenarius authorization controller works properly.

If your server returns an authorization token, it's likely that you will have to create a global model property to store it, because the token is needed when accessing protected resources. For instance, if you need to access confidential data, pass the authorization token in the Authorization HTTP request header. You can specify this when creating a data provider as shown below.
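
The login flow described in this section, written out as an added example in plain JavaScript (it is not Xenarius-generated code or part of the original page). The request field names, the access_token response field, the Bearer scheme and all helper names are assumptions.

```javascript
// Added example modelling the login flow above; not Xenarius-generated code.
// Assumptions: form-encoded "username"/"password" fields, an "access_token"
// field in the JSON response, and the Bearer scheme for the header.
const TOKEN_URL = "https://xenarius-auth-demo.azurewebsites.net/Token";

// Stand-in for the project's global model ($global in Xenarius).
function newModel() {
  return { authenticated: false, authToken: null };
}

// Build the POST request; refuse to put credentials on a non-HTTPS URL.
function buildLoginRequest(url, login, password) {
  if (new URL(url).protocol !== "https:") {
    throw new Error("refusing to send credentials to non-HTTPS URL " + url);
  }
  return {
    method: "POST",
    headers: { "Content-Type": "application/x-www-form-urlencoded" },
    body: new URLSearchParams({ username: login, password }).toString(),
  };
}

// Set the flag only on a 2xx response that actually carries a token.
function applyLoginResponse(model, status, payload) {
  const ok = status >= 200 && status < 300 && payload != null &&
    typeof payload.access_token === "string" && payload.access_token !== "";
  model.authenticated = ok;
  model.authToken = ok ? payload.access_token : null;
  return ok;
}

// Logout clears both the flag and the stored token.
function logout(model) {
  model.authenticated = false;
  model.authToken = null;
}

// Headers for a data provider that reads protected resources.
function authHeaders(model) {
  return model.authToken ? { Authorization: "Bearer " + model.authToken } : {};
}

// Full round trip; fetchImpl is injectable so the flow can run offline.
async function login(model, loginName, password, fetchImpl = fetch) {
  const res = await fetchImpl(TOKEN_URL, buildLoginRequest(TOKEN_URL, loginName, password));
  const payload = await res.json().catch(() => null);
  return applyLoginResponse(model, res.status, payload);
}
```

The authenticated flag only controls which views the client shows; the back-end API still has to validate the token on every request for protected data.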

Access Rules

The final step is to define how users obtain authorized access to your application. Enter your application settings by using the Application Options button and expand the Authorization section.

This section contains the following properties.

  • Login View ID - the view used to log users in.

  • Allow Anonymous Access - if selected, users can access the app without logging in.

  • View Rules - access rules for individual views.

Each view rule exposes the following properties:

  • View ID - the view to which this rule applies.

  • Allow Anonymous Access - if selected, users can access the view without logging in.

When an unauthorized user attempts to access a view that requires authorization, they will be redirected to the login page and prompted to log in. Once they successfully log in, they will be returned to the requested view.