azure-docs icon indicating copy to clipboard operation
azure-docs copied to clipboard

Published 20 hours ago verified publisher icon MicrosoftDocs

Restricting access to entire application does not work with navigationFallback

Open Tiberriver256 opened this issue 2 years ago • 4 comments

Relative section: https://learn.microsoft.com/en-us/azure/static-web-apps/configuration#restricting-access-to-entire-application

Suggestion: You should specify that this does not work when the navigationFallback section is configured as it overrides this behavior

Document Details

Do not edit this section. It is required for learn.microsoft.com ➟ GitHub issue linking.

Tiberriver256 avatar Dec 02 '22 18:12 Tiberriver256

@Tiberriver256 Thanks for your feedback! We will investigate and update as appropriate.

Naveenommi-MSFT avatar Dec 03 '22 05:12 Naveenommi-MSFT

@Tiberriver256 To test this behavior, we have configured the below routes in our staticwebapp.configuration,json based on the repro we understood that authentication restrictions works even if we have enabled navigation feedback.

{
  "routes": [
    {
      "route": "/*",
      "allowedRoles": ["authenticated"]
    }
  ],
  "navigationFallback": { "rewrite": "/index.html" }
}

  • All the incoming requests which were authenticated and if we are searching for a particular file (like test.htmlor app.html) which is not present in your github repo then the request will execute the navigation fallback to index.html

  • If the request is un-authenticated then customer experience 401 access then the navigation fallback will get triggered.

Feel free to reach back to me if you have any further questions on this.

Venkateshdodda-MSFT avatar Dec 06 '22 05:12 Venkateshdodda-MSFT

This issue has a better explanation that I think will help: https://github.com/Azure/static-web-apps/issues/670

You have to trip the navigationFallback rule to bypass your routes config.

Tiberriver256 avatar Dec 06 '22 13:12 Tiberriver256

@Tiberriver256 I'd been discussing on this internally, after our initial check, your feedback has been shared with the content author @craigshoemaker for further review and update the doc as appropriate

Venkateshdodda-MSFT avatar Dec 13 '22 04:12 Venkateshdodda-MSFT

Thanks for your feedback and your contribution to Azure docs.

Feedback for this repository is moving away from GitHub to a system specific to the Microsoft Learn platform. Issues for this repository will soon be disabled, and additional comments from GitHub will no longer be possible. However, we are now tracking and triaging this issue in the new feedback system.

To learn more about our feedback systems, please see Provide feedback for Microsoft Learn content.

#please-close

craigshoemaker avatar Jul 20 '24 03:07 craigshoemaker