I am using the Azure Static Web App service.

Is there a way to disable anonymous access and apply security rules?

Ville
Karan Sharma
  • Add a `web.config` file, refer to the `web.config` of the .net web program, and apply the following `` application to prevent anonymous access to static website resources. – Jason Pan Jun 15 '20 at 01:32
  • As for security rules, what effect do you want to achieve? – Jason Pan Jun 15 '20 at 01:32
  • Whether your application is in .net framework or dotnet core, or in other languages, you need to provide more details to help you. – Jason Pan Jun 15 '20 at 05:51
  • I am hosting HTML static files, there is no server technology in the picture – Karan Sharma Jun 15 '20 at 06:18
  • Pls create a web.config file, then try. – Jason Pan Jun 15 '20 at 06:21
  • If you do not find a better solution, I have updated my answer. You can quickly migrate your project to Asp.Net according to my suggestions, and you can get a better experience in Azure WebApp. – Jason Pan Jun 16 '20 at 02:54

1 Answer

Yes - there is a way.

A simple example:

If you create a routes.json file at the root of the app's build artifact folder and put something like the following in the file:

```json
{
    "routes": [
        {
            "route": "/login",
            "serve": "/.auth/login/aad"
        },
        {
            "route": "/*",
            "serve": "/index.html",
            "allowedRoles": [
                "reader",
                "owner",
                "contributor"
            ]
        }
    ],
    "platformErrorOverrides": [
        {
            "errorType": "Unauthenticated",
            "statusCode": "302",
            "serve": "/login"
        }
    ]
}
```

This will prompt the user to authenticate using Azure AD and serve the static webpage index.html only if authentication is successful and the authenticated user has one of the allowedRoles.

In order to assign a user roles, you have to invite them e.g. by using the

Home > {static web app name} > Role management

tab on portal.azure.com, and invite a user making sure to set the appropriate role.

kasperhj
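An added example, not part of the answer above: a small audit that reads a routes.json like the one in the answer and reports which probed paths an unauthenticated visitor would still reach. It assumes rules are evaluated top to bottom with the first match winning, that a trailing `*` is the only wildcard, and that a rule without `allowedRoles` is open to the built-in `anonymous` role; the function names, `WEAK_CONFIG` and `PROBES` are constructed for illustration.

```python
import json

# routes.json from the answer above, embedded so the check runs offline.
ANSWER_CONFIG = json.loads("""
{"routes": [
  {"route": "/login", "serve": "/.auth/login/aad"},
  {"route": "/*", "serve": "/index.html",
   "allowedRoles": ["reader", "owner", "contributor"]}
]}
""")

# Constructed weak variant: an open rule placed ahead of the catch-all.
WEAK_CONFIG = {"routes": [
    {"route": "/assets/*"},
    *ANSWER_CONFIG["routes"],
]}

def matches(pattern, path):
    """Assumed matching: exact path, or prefix match when pattern ends in '*'."""
    if pattern.endswith("*"):
        return path.startswith(pattern[:-1])
    return path == pattern

def first_match(config, path):
    """Assumed evaluation order: rules are tried top to bottom, first hit wins."""
    for rule in config.get("routes", []):
        if matches(rule["route"], path):
            return rule
    return None

def anonymous_allowed(config, path):
    """True if an unauthenticated visitor would be served this path."""
    rule = first_match(config, path)
    if rule is None:
        return True  # assumption: a path no rule covers is not restricted
    # Assumption: a rule without allowedRoles is open to "anonymous".
    roles = rule.get("allowedRoles", ["anonymous"])
    return "anonymous" in roles

def audit(config, paths, expected_open=("/login",)):
    """Return the probed paths that are anonymously reachable but should not be."""
    return [p for p in paths
            if anonymous_allowed(config, p) and p not in expected_open]

PROBES = ["/", "/index.html", "/login", "/assets/app.js", "/reports/q1.html"]

if __name__ == "__main__":
    print("answer config:", audit(ANSWER_CONFIG, PROBES))
    print("weak config:  ", audit(WEAK_CONFIG, PROBES))
```

With the answer's configuration only `/login` stays open, which is required so unauthenticated users can start the Azure AD sign-in; the weak variant shows how rule order can expose a path despite the restricted catch-all.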