Built in authentication for specific pages in Azure App Service

Built in authentication for specific pages in Azure App Service

10 March 2022

Azure

Buy Me A Coffee

Hello!

In this article, I would like to describe how to add authentication and authorization for specific pages without redeploying your web app using Azure App Service.

Azure App Service provides built-in authentication and authorization capabilities, so you can sign in users and access data by writing minimal or no code in your web app.

Azure is like an iceberg, where the Portal is only 10% of the whole power.

By default Azure App Service built-in authentication redirects all pages to the Identity provider page, but we want to set it up only for a specific page, like “/admin”. I haven't found how to implement it in the portal. Let me know in the comments if you find a solution.

To achieve the result we will use another Microsoft service, but let's go step by step:

  1. Go to App Service, select Authentication, and click “Add identity provider”. Add new provider
  2. Choose the identity provider you like Available identity provider
  3. Fill out the App registration settings and click Add. A new provider should be added. New provider

To check if everything works fine so far, you can navigate to any page. You should be redirected to the identity provider.

Now let's set it for specific pages only. To do that, navigate to the Azure Resource Explorer.

In the treeview select subscriptions->your subscription->resourceGroups->your resource group->providers->Microsoft.Web->sites->you site->config->authsettingsV2.

This file contains all settings related to authentication. You can set session duration, identity provider configurations, etc.

We are interested in globalValidation section. Find this section and add the new property excludedPaths. It's an array of strings with paths that should be excluded from the global rule. excludedPaths is a list of “allowed” paths - the paths, which don't require authentication. GlobalValidation settings

Your globalValidation section may look like this:

"globalValidation": {
      "requireAuthentication": true,
      "unauthenticatedClientAction": "RedirectToLoginPage",
      "redirectToProvider": "google",
      "excludedPaths": [
        "/index.html",
        "/js/*",
        "/css/*",
      ]
    },

which means redirect to Google login page for all requests except “/index.html”, “/js/” - any path in js folder, “/css/*” - any path in js folder.

Now if you open “/admin” page, you will be redirected to the Google login page, but if you open “index.html”, you will see its content.

You can read more about GlobalValidation on Microsoft Docs: GlobalValidation Class.

Happy coding!

Buy Me A Coffee

Related:

.NET MAUI Push Notifications using Azure Notification Hub. Part 1. Setup Azure Notification Hub

The article demonstrates how to add push notifications to .NET MAUI application using Azure Notification Hub.

An unhandled error has occurred. Reload

🗙