Zoli
How to Filter Firebase Real-Time Data for the Logged-In User in a Maui Application?
In my Maui application, I have successfully implemented email/password authentication and real-time data synchronization. To filter data so that only the logged-in user's relevant documents are shown, should I add a new property (e.g., ownerId) to each document and perform the filtering on the client side?
I saw WhereEqualTo could filter, but is this the right approach to filter on the client by the ownerId?
But it means I need to store the userId on the client; is it safe?
(I saw some relevant questions, but they are 6-10 years old and not Maui/.NET related, if that matters at all.)
13 replies
What is the proper way of keeping the state of vm when closing and returning back to the Maui app?
I have a complex form with various input fields such as entries, checkboxes, etc. When the user closes the app and navigates back to the app, I want to ensure that if they return to the form, they can either continue from where they left off or start a new form.
One of my ideas is to implement auto-save in the ViewModel.
Implement an auto-save strategy in the view model, so that when any property changes it is saved to the cache using Barrel and can be loaded from there.
Cons: this form has a few nested collections too, which means I need to subscribe to all items and all items' properties when they are added to detect the change. Any good advice, library or tips to make it better?
5 replies
Issue with Nested One-to-Many Relationships in SQLite-Net Extensions: LevelTwoModels Property Return
I am working on a model hierarchy using SQLite and SQLite-Net Extensions. The model structure consists of three levels: RootModel, LevelOneModel, and LevelTwoModel. Each model contains properties that establish relationships with the next level, as follows:
RootModel has a one-to-many relationship with LevelOneModel. LevelOneModel has a one-to-many relationship with LevelTwoModel. Here is my implementation:
using SQLite;                          // PrimaryKey, AutoIncrement
using SQLiteNetExtensions.Attributes;  // OneToMany, ManyToOne, ForeignKey, CascadeOperation

public class RootModel
{
    [PrimaryKey, AutoIncrement]
    public Guid Id { get; set; }
    public string? Name { get; set; }
    [OneToMany(CascadeOperations = CascadeOperation.All)]
    public List<LevelOneModel> LevelOneModels { get; set; }
}

public class LevelOneModel
{
    [PrimaryKey, AutoIncrement]
    public Guid Id { get; set; }
    public string? Name { get; set; }
    [ForeignKey(typeof(RootModel))]
    public Guid RootModelId { get; set; }
    [ManyToOne]
    public RootModel RootModel { get; set; }
    [OneToMany(CascadeOperations = CascadeOperation.All)]
    public List<LevelTwoModel> LevelTwoModels { get; set; }
}

public class LevelTwoModel
{
    [PrimaryKey, AutoIncrement]
    public Guid Id { get; set; }
    public string? Name { get; set; }
    [ForeignKey(typeof(LevelOneModel))]
    public Guid LevelOneModelId { get; set; }
    [ManyToOne]
    public LevelOneModel LevelOneModel { get; set; }
}
I am using SQLite-Net Extensions' InsertWithChildren and GetWithChildren methods for data manipulation. While the relationships between RootModel and LevelOneModel work as expected, the LevelTwoModels property in LevelOneModel always returns null when retrieved.
What could be causing this issue, and how can I resolve it to ensure all relationships are correctly handled and retrieved?
All three tables are created.
For insert:
await SqliteDataStore.Instance.Database.InsertWithChildrenAsync(Data);
For get:
return await SqliteDataStore.Instance.Database.GetAllWithChildrenAsync<RootModel>();
12 replies
I’m looking for feedback on the security setup, which uses .NET MAUI, ASP.NET Core, and MongoDB.
Overview of the Architecture
1. API Authentication:
To authenticate API calls from the MAUI client, I use an API key that is securely stored in Azure Key Vault and accessed by the API as needed.
2. Database Connection:
The connection string for MongoDB is also stored in Azure Key Vault, allowing the API to retrieve it securely, so no sensitive information is stored within the API itself.
3. User Registration and Authentication:
When a new user registers through the MAUI app, a document is created in MongoDB’s user collection, with the password stored as a secure hash.
On login, the API generates a JWT token, saves it in MongoDB, and sends it to the MAUI client, where it’s stored using Secure Storage. Any previously saved token is replaced with the new one in both the database and on the client.
4. Data Ownership and Access Control:
After logging in, users can create and save data, which the API stores with an owner ID field set to the user’s ID.
When data is retrieved, the owner ID is passed to the API to filter results, so users can only access records that match their own ID.
5. Sensitive Data Management:
No sensitive information, such as connection strings, API keys, or password-hashing keys, is stored directly in the API; all are injected securely from Azure Key Vault.
On the MAUI client, the API key is stored in appsettings.
Questions
1. Storing the API Key on MAUI:
Is appsettings on the client side an appropriate place for storing the API key, or is there a more secure alternative?
2. Overall Security:
Do you have any suggestions to enhance the security of this architecture?
Thanks in advance for your input!
116 replies
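The ownership check from item 4 of the post above, as an added example that is not part of the original post or the poster's code: it contrasts filtering by an owner ID taken from the request with filtering by the user-ID claim of the already-validated JWT. The `Doc` record, the `DocumentQueries` class, the in-memory store standing in for MongoDB, and the choice of `ClaimTypes.NameIdentifier` as the user-ID claim are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;

public record Doc(string Id, string OwnerId, string Title);

public static class DocumentQueries
{
    // Constructed sample data standing in for the MongoDB collection (assumption).
    public static readonly List<Doc> Store = new()
    {
        new Doc("d1", "user-a", "A's notes"),
        new Doc("d2", "user-b", "B's notes"),
        new Doc("d3", "user-a", "A's draft"),
    };

    // Weak: the filter value comes from the request, so the result set is
    // scoped by whatever ID the caller chose to send.
    public static List<Doc> ByClientSuppliedOwner(string ownerIdFromRequest) =>
        Store.Where(d => d.OwnerId == ownerIdFromRequest).ToList();

    // Hardened: the owner is read from the claims of the validated token
    // (HttpContext.User in ASP.NET Core); the request carries no owner ID.
    public static List<Doc> ForCaller(ClaimsPrincipal caller)
    {
        var ownerId = caller.FindFirst(ClaimTypes.NameIdentifier)?.Value;
        if (caller.Identity?.IsAuthenticated != true || string.IsNullOrEmpty(ownerId))
            throw new UnauthorizedAccessException("No authenticated subject.");
        return Store.Where(d => d.OwnerId == ownerId).ToList();
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed principal, shaped like the one JWT middleware builds for user-a.
        var identity = new ClaimsIdentity(
            new[] { new Claim(ClaimTypes.NameIdentifier, "user-a") }, "Bearer");
        var userA = new ClaimsPrincipal(identity);

        // user-a's request names user-b: the weak filter hands back B's document.
        Console.WriteLine(DocumentQueries.ByClientSuppliedOwner("user-b").Count);
        // The claim-based filter is scoped to the caller regardless of request input.
        Console.WriteLine(DocumentQueries.ForCaller(userA).Count);
    }
}
```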
How to get documents for specific user by Cloud Firestore?
I am developing a .NET MAUI application where users can register and sign in. After logging in, they can perform CRUD operations on documents. Each document saved to Cloud Firestore includes a user_id or owner_id property to indicate the owner.
What is the best way to filter documents so that I only retrieve those associated with a specific user?
Currently, I am using:
CollectionReference documentsRef = db.Collection("documents");
and then querying for documents where UserId equals the currentUserId.
Is this the correct approach, or does this method initially retrieve all documents from the collection (for all users) before filtering by UserId?
3 replies