I am hosting a website I made for a friend on Azure. The website was on "F1 Free" pricing tier, but I just upgraded to the "B1 Basic" pricing tier.
Once I figure out how to setup a custom domain name, is it possible to route all traffic from the old url, to the new url I will be creating?
I'm assuming that by old URL you mean the URL of the web app (something like myrandomsitename.azurewebsites.net) and by new URL you mean the custom domain that you will be adding to your app (something like: myvanitydomain.com)
if what you want to do is redirect all the traffic from to you can do this with URL Rewrite:
Your rule would look something like:
<configuration>
<system.webServer>
<rewrite>
<rules>
<rule name="SPA">
<match url="OLDURL" />
<action type="Rewrite" url="NEWURL" />
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>
You can learn more about URL Re-write and Azure Web Apps here: Rewriting a URL in an Azure web app
Related
I'm migrating a backend Basic Auth to Digest Auth.
Until now, we have an first tier apache2 server making the authentication via header overwrite to avoid users knowing the backend credentials:
<Location />
ProxyPassReverse "http://192.168.110.111/"
ProxyPass "http://192.168.110.111/"
RequestHeader set Authorization "Basic dXNlcjp1c2Vy"
</Location>
However, Digest authentication requires some extra work to manage nonce variable fields and such stuff.
Does anybody know if there is any way to make the Digest login to the backend automatically from the Apache server against the proxyed backend?
Thanks!!
I have a web service (currently localhost:100) which uses Windows Authentication, is served through IIS and is set up with Access Control Allow Origin properties in the web.config:
<httpProtocol>
<customHeaders>
<add name="Access-Control-Allow-Origin" value="http://localhost:81" />
<add name="Access-Control-Allow-Credentials" value="true" />
</customHeaders>
</httpProtocol>
I'm trying to access them from an angularJS app served from static files (html, css & js) which is running from a different server which I'm running on IIS (port 81 currently):
var productSearch = $resource("http://localhost:100/api/ProductSearch/:id");
but I'm getting 401 (Unathorised).
I've set the requesting site to use Windows authentication but with no server side I've no way of knowing if that's working or not. It's not sending any user credentials through to the web service.
So I was being a bit stupid. the line of code I was looking for was:
$http.defaults.withCredentials = true;
This makes it work from anywhere - include the Node dev server.
We have a project (contains a web backend and a mobile api backend) hosted using google app engine (we also using cloud endpoints).
We use spring framework for the web application, mvc & security.
The problem now is that once I enable <csrf/> in our security.xml, the cloud endpoints project will also require a token because of this setting.
<http auto-config="true">
<intercept-url pattern="/" access="ROLE_USER" />
<form-login
login-page="/login"
default-target-url="/welcome"
authentication-failure-url="/login?error"
username-parameter="email"
password-parameter="password" />
<logout logout-success-url="/login?logout" />
<!-- enable csrf protection -->
<!-- <csrf/> -->
</http>
Is that possible to config only certain folder or certain controller require this <csrf/> protection? Because I just want this csrf setting to protect my web backend.
Have a separate URI structure for mobile apis like for example "api/mob/getPostsByUserId" and create a new http tag in spring-security config file as
<http auto-config="false" pattern="/mob/**">
//.. your other settings
</http>
These are the steps I followed.
Created new Application from GAE console with custom domain authentication option. Gave my domain name.
Registered my domain with Google Apps for Work. Enable App Engine Service for my GAE Application.
added the following code to the web.xml
<security-constraint>
<web-resource-collection>
<web-resource-name>all</web-resource-name>
<url-pattern>*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>*</role-name>
</auth-constraint>
tried to open the app with normal gmail account. It is getting redirected to login page. it works fine, upto here.
Here comes the problem, I tried to login with my domain account it is showing an error "Too many redirects".
I tried clearing the cookies and made sure only one account is logged in at time.
Please help.
Please change to /*. Alternatively you can use app.yaml for Java apps too as it's easier to configure (not sure it can be used with Eclipse). Unless your app needs to be portable to other Java app servers.
I want to set something up so only authorized users (perhaps on a VPN) can see my Google App Engine app. Is this possible?
EDIT: I want to make a private dev version of the app (different app engine app). And I want to make a private "dev console" that can be used to simulate usage by calling endpoints with task queues. I will still have authentication, and I thought it would make sense to have this dev environment hidden from the rest of the world. Unnecessary?
What you can do for test environments is to put this in your web.xml:
<security-constraint>
<web-resource-collection>
<web-resource-name>Admin required</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
This makes sure you have to be logged in as an admin to view the site. You can add users to your project in the permissions screen:
https://console.developers.google.com/project/[YOURPROJECT]/permissions
An easy way doing what you want is to deploy a "dev" version to AppEngine, then you can access it with this URI : http://dev.app_name.appspot.com.
The default version still accessible. And you can test your endpoints with the dev URL.
For OAuth2, don't forget to add the dev url in the OAuth API Console.