Azure Mobile Client custom authentication unable to access controllers with [Authorize] attribute

Question

I am using Azure Mobile Service Client with custom authorisation on Xamarin.Forms platform.

The login using .LoginAsync("custom", user) appears to work correctly in that it returns a MobileServiceUser with non-null MobileAuthenticationToken and UserId and automatically hooks up the <MobileServiceClient>.CurrentUser with that value.

However, whenever I attempt to make a further request (immediately on login) I get a MobileServiceInvalidOperationException..(Unauthorized) response, when I inspect the CurrentUser value - it is still the same.

Am I missing something with the MobileServiceClient? My understanding is that if it has a non-null value for .CurrentUser then it will include that in the headers as the X-ZUMO-AUTH header.

Server Login:

[Route(".auth/login/custom")]
public class AuthController : ApiController
{
    private readonly AppContext _context;

    private readonly string
        _singningKey = Environment.GetEnvironmentVariable("WEBSITE_AUTH_SIGNING_KEY");

    private readonly string
        _audience;

    private readonly string
        _issuer;

    public AuthController()
    {
        _context = new AppContext();

        var website = Environment.GetEnvironmentVariable("WEBSITE_HOSTNAME");
        _audience = $"https://{website}/";
        _issuer = $"https://{website}/";
    }

    public HttpResponseMessage Post([FromBody] LoginUser body)
    {
        if (body?.Username == null || body.Password == null || body.Username.Length == 0 || body.Password.Length == 0)
        {
            return Request.CreateUnauthorizedResponse();
        }

        if (!IsValidUser(body))
        {
            return Request.CreateUnauthorizedResponse();
        }

        var claims = new[] { new Claim(JwtRegisteredClaimNames.Sub, body.Username) };

        var token = AppServiceLoginHandler.CreateToken(claims,
                _singningKey,
                _audience,
                _issuer,
                TimeSpan.FromHours(24));

        return Request.CreateResponse(HttpStatusCode.OK, new LoginResult
        {
            AuthenticationToken = token.RawData,
            User = new LoginResultUser() { UserId = body.Username }
        });
    }

    protected override void Dispose(bool disposing)
    {
        if (disposing)
        {
            _context.Dispose();
        }
        base.Dispose(disposing);
    }

    private bool IsValidUser(LoginUser user)
    {
        .. this works fine
    }
}

public class LoginUser
{
    [JsonProperty("username")]
    public string Username { get; set; }
    [JsonProperty("password")]
    public string Password { get; set; }
}

public class LoginResultUser
{
    [JsonProperty("userId")]
    public string UserId { get; set; }
}

public class LoginResult
{
    [JsonProperty("authenticationToken")]
    public string AuthenticationToken { get; set; }
    [JsonProperty("user")]
    public LoginResultUser User { get; set; }
}

Client Login:

var database = new MobileServiceClient(BackendApiServerAddress);
var result = await database.LoginAsync("custom", JObject.FromObject(user)); //this sets database.CurrentUser to a MobileServiceUser with MobileAuthenticationToken and UserId and returns the value
await database.SyncContext.PushAsync(); // this fails

Exception:

{Microsoft.WindowsAzure.MobileServices.MobileServiceInvalidOperationException: The request could not be completed.  (Unauthorized)
  at Microsoft.WindowsAzure.MobileServices.MobileServiceHttpClient+<ThrowInvalidResponse>d__24.MoveNext () [0x001ec] in <42e24ce875d34485ad11c4f8aebb904a>:0 
--- End of stack trace from previous location where exception was thrown ---
  at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw () [0x0000c] in <3fd174ff54b146228c505f23cf75ce71>:0 
  at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess (System.Threading.Tasks.Task task) [0x0003e] in <3fd174ff54b146228c505f23cf75ce71>:0 
  at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification (System.Threading.Tasks.Task task) [0x00028] in <3fd174ff54b146228c505f23cf75ce71>:0 
  at System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd (System.Threading.Tasks.Task task) [0x00008] in <3fd174ff54b146228c505f23cf75ce71>:0 
  at System.Runtime.CompilerServices.TaskAwaiter.GetResult () [0x00000] in <3fd174ff54b146228c505f23cf75ce71>:0 
  at Microsoft.WindowsAzure.MobileServices.MobileServiceHttpClient+<SendRequestAsync>d__26.MoveNext () [0x000fc] in <42e24ce875d34485ad11c4f8aebb904a>:0 
--- End of stack trace from previous location where exception was thrown ---
  at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw () [0x0000c] in <3fd174ff54b146228c505f23cf75ce71>:0 
  at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess (System.Threading.Tasks.Task task) [0x0003e] in <3fd174ff54b146228c505f23cf75ce71>:0 
  at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification (System.Threading.Tasks.Task task) [0x00028] in <3fd174ff54b146228c505f23cf75ce71>:0 
  at System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd (System.Threading.Tasks.Task task) [0x00008] in <3fd174ff54b146228c505f23cf75ce71>:0 
  at System.Runtime.CompilerServices.TaskAwaiter`1[TResult].GetResult () [0x00000] in <3fd174ff54b146228c505f23cf75ce71>:0 
  at Microsoft.WindowsAzure.MobileServices.MobileServiceHttpClient+<RequestAsync>d__18.MoveNext () [0x000fa] in <42e24ce875d34485ad11c4f8aebb904a>:0 
--- End of stack trace from previous location where exception was thrown ---
  at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw () [0x0000c] in <3fd174ff54b146228c505f23cf75ce71>:0 
  at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess (System.Threading.Tasks.Task task) [0x0003e] in <3fd174ff54b146228c505f23cf75ce71>:0 
  at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification (System.Threading.Tasks.Task task) [0x00028] in <3fd174ff54b146228c505f23cf75ce71>:0 
  at System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd (System.Threading.Tasks.Task task) [0x00008] in <3fd174ff54b146228c505f23cf75ce71>:0 
  at System.Runtime.CompilerServices.TaskAwaiter`1[TResult].GetResult () [0x00000] in <3fd174ff54b146228c505f23cf75ce71>:0 
  at Microsoft.WindowsAzure.MobileServices.MobileServiceTable+<ReadAsync>d__20.MoveNext () [0x000a3] in <42e24ce875d34485ad11c4f8aebb904a>:0 
--- End of stack trace from previous location where exception was thrown ---
  at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw () [0x0000c] in <3fd174ff54b146228c505f23cf75ce71>:0 
  at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess (System.Threading.Tasks.Task task) [0x0003e] in <3fd174ff54b146228c505f23cf75ce71>:0 
  at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification (System.Threading.Tasks.Task task) [0x00028] in <3fd174ff54b146228c505f23cf75ce71>:0 
  at System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd (System.Threading.Tasks.Task task) [0x00008] in <3fd174ff54b146228c505f23cf75ce71>:0 
  at System.Runtime.CompilerServices.TaskAwaiter`1[TResult].GetResult () [0x00000] in <3fd174ff54b146228c505f23cf75ce71>:0 
  at Microsoft.WindowsAzure.MobileServices.MobileServiceTable+<ReadAsync>d__18.MoveNext () [0x00141] in <42e24ce875d34485ad11c4f8aebb904a>:0 
--- End of stack trace from previous location where exception was thrown ---
  at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw () [0x0000c] in <3fd174ff54b146228c505f23cf75ce71>:0 
  at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess (System.Threading.Tasks.Task task) [0x0003e] in <3fd174ff54b146228c505f23cf75ce71>:0 
  at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification (System.Threading.Tasks.Task task) [0x00028] in <3fd174ff54b146228c505f23cf75ce71>:0 
  at System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd (System.Threading.Tasks.Task task) [0x00008] in <3fd174ff54b146228c505f23cf75ce71>:0 
  at System.Runtime.CompilerServices.TaskAwaiter`1[TResult].GetResult () [0x00000] in <3fd174ff54b146228c505f23cf75ce71>:0 
  at Microsoft.WindowsAzure.MobileServices.Sync.PullAction+<ProcessTableAsync>d__14.MoveNext () [0x0015c] in <42e24ce875d34485ad11c4f8aebb904a>:0 
--- End of stack trace from previous location where exception was thrown ---
  at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw () [0x0000c] in <3fd174ff54b146228c505f23cf75ce71>:0 
  at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess (System.Threading.Tasks.Task task) [0x0003e] in <3fd174ff54b146228c505f23cf75ce71>:0 
  at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification (System.Threading.Tasks.Task task) [0x00028] in <3fd174ff54b146228c505f23cf75ce71>:0 
  at System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd (System.Threading.Tasks.Task task) [0x00008] in <3fd174ff54b146228c505f23cf75ce71>:0 
  at System.Runtime.CompilerServices.TaskAwaiter.GetResult () [0x00000] in <3fd174ff54b146228c505f23cf75ce71>:0 
  at Microsoft.WindowsAzure.MobileServices.Sync.TableAction+<ExecuteAsync>d__29.MoveNext () [0x002a5] in <42e24ce875d34485ad11c4f8aebb904a>:0 
--- End of stack trace from previous location where exception was thrown ---
  at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw () [0x0000c] in <3fd174ff54b146228c505f23cf75ce71>:0 
  at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess (System.Threading.Tasks.Task task) [0x0003e] in <3fd174ff54b146228c505f23cf75ce71>:0 
  at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification (System.Threading.Tasks.Task task) [0x00028] in <3fd174ff54b146228c505f23cf75ce71>:0 
  at System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd (System.Threading.Tasks.Task task) [0x00008] in <3fd174ff54b146228c505f23cf75ce71>:0 
  at System.Runtime.CompilerServices.TaskAwaiter.GetResult () [0x00000] in <3fd174ff54b146228c505f23cf75ce71>:0 
  at Microsoft.WindowsAzure.MobileServices.Sync.MobileServiceSyncContext+<ExecuteSyncAction>d__34.MoveNext () [0x0008e] in <42e24ce875d34485ad11c4f8aebb904a>:0 
--- End of stack trace from previous location where exception was thrown ---
  at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw () [0x0000c] in <3fd174ff54b146228c505f23cf75ce71>:0 
  at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess (System.Threading.Tasks.Task task) [0x0003e] in <3fd174ff54b146228c505f23cf75ce71>:0 
  at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification (System.Threading.Tasks.Task task) [0x00028] in <3fd174ff54b146228c505f23cf75ce71>:0 
  at System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd (System.Threading.Tasks.Task task) [0x00008] in <3fd174ff54b146228c505f23cf75ce71>:0 
  at System.Runtime.CompilerServices.TaskAwaiter.GetResult () [0x00000] in <3fd174ff54b146228c505f23cf75ce71>:0 
  at Microsoft.WindowsAzure.MobileServices.Sync.MobileServiceSyncContext+<PullAsync>d__30.MoveNext () [0x0039b] in <42e24ce875d34485ad11c4f8aebb904a>:0 
--- End of stack trace from previous location where exception was thrown ---
  at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw () [0x0000c] in <3fd174ff54b146228c505f23cf75ce71>:0 
  at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess (System.Threading.Tasks.Task task) [0x0003e] in <3fd174ff54b146228c505f23cf75ce71>:0 
  at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification (System.Threading.Tasks.Task task) [0x00028] in <3fd174ff54b146228c505f23cf75ce71>:0 
  at System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd (System.Threading.Tasks.Task task) [0x00008] in <3fd174ff54b146228c505f23cf75ce71>:0 
  at System.Runtime.CompilerServices.TaskAwaiter.GetResult () [0x00000] in <3fd174ff54b146228c505f23cf75ce71>:0 
  at FRAOffline.Backend.Database.DbContext+<SyncCustomersAsync>d__32.MoveNext () [0x00049] in C:\Users\Heather\Documents\Visual Studio 2017\Projects\FRAOffline\FRAOffline\FRAOffline\Backend\Database\Customers.DbContext.cs:83 }

Answer 1

According to your description, your custom authentication could validate the client user and generate the authenticationToken successfully. I would recommend you check the Authentication / Authorization settings and make sure Set the Action to take when request is not authenticated to Allow Request (no action) under the "SETTING > Authentication / Authorization" of your Azure Mobile App. Additionally, I would recommend you leverage fiddler to capture the network traces when invoking await database.SyncContext.PushAsync(). Moreover, you could also use postman to simulate the request against your table controller as follows to narrow this issue:

GET https://{your-app-name}.azurewebsites.net/tables/{table-name}
Header x-zumo-auth:{authenticationToken}

In addition, you could also follow adrian hall's book about Custom Authentication and Authentication in the Backend.