Static Web App Securing Routes with roles when routes have parameters in them


I have built a React app (Azure SWA). My API is linked to my web app and I am securing routes with roles (all works well):

    {
      "route": "/api/product",
      "allowedRoles": ["admin", "nonadmin"]
    },
    {
      "route": "/api/product/*/delete",
      "allowedRoles": ["admin"]
    },

I want only the admin role to be able to call the delete endpoint, but there is a GUID that identifies the product and this route does not work when I do this, as wildcards are only supported at the ends of routes:

Microsoft Wildcards

Surely there is a way of doing this, as URL parameters are very common? I can't seem to find any material on how this is achieved.

Ryan Hill On

EDIT 13 November 2023

I've just confirmed with the product group that this is not supported. Wildcard patterns only work at the end of the path.


Instead of doing /delete, I would attribute that method with the DELETE verb, which you can do like this:

    {
      "route": "/api/profile*",
      "methods": ["DELETE"],
      "allowedRoles": ["admin"]
    },

Besides, using the HTTP verb is more aligned to RESTful principles.
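
An added example, not part of the original answer and not Microsoft's code: a simplified JavaScript model of route-rule evaluation (rules tried in array order, first match decides, `*` honoured only at the end of a route) that flags mid-path wildcards and shows why the DELETE rule has to come before any broader rule on the same path. The `/api/product*` routes, the placeholder GUID and the function names are assumptions made for the illustration.

```javascript
// Simplified model of staticwebapp.config.json route rules (added example, not platform code).
// Modeled: rules are tried in array order, the first match decides, "*" is a wildcard only
// at the end of a route, and "methods" (when present) narrows the match.

// Routes where "*" is followed by further path segments, e.g. /api/product/*/delete.
function findMidPathWildcards(routes) {
  return routes.map(r => r.route).filter(route => /\*.*\//.test(route));
}

function ruleMatches(rule, method, path) {
  if (rule.methods && !rule.methods.includes(method)) return false;
  return rule.route.endsWith('*')
    ? path.startsWith(rule.route.slice(0, -1))
    : path === rule.route;
}

// Returns "allow", "deny", or "unmatched" (no rule in this model applied a role check).
function decide(routes, method, path, userRoles) {
  const rule = routes.find(r => ruleMatches(r, method, path));
  if (!rule) return 'unmatched';
  if (!rule.allowedRoles) return 'allow';
  return rule.allowedRoles.some(role => userRoles.includes(role)) ? 'allow' : 'deny';
}

// Constructed sample data: a placeholder GUID on the question's /api/product path.
const target = '/api/product/00000000-0000-0000-0000-000000000000';

const asAsked = [
  { route: '/api/product', allowedRoles: ['admin', 'nonadmin'] },
  { route: '/api/product/*/delete', allowedRoles: ['admin'] },
];

// Verb-based rule first, then the broader rule for every other method.
const verbFirst = [
  { route: '/api/product*', methods: ['DELETE'], allowedRoles: ['admin'] },
  { route: '/api/product*', allowedRoles: ['admin', 'nonadmin'] },
];

// Same rules with the broad rule first: it matches DELETE too and shadows the admin-only rule.
const broadFirst = [verbFirst[1], verbFirst[0]];

console.log('mid-path wildcards:', findMidPathWildcards(asAsked));
console.log('as asked:   ', decide(asAsked, 'DELETE', target + '/delete', ['nonadmin']));
console.log('verb first: ', decide(verbFirst, 'DELETE', target, ['nonadmin']));
console.log('broad first:', decide(broadFirst, 'DELETE', target, ['nonadmin']));
```
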