Redirect to dashboard from home page based on user cookie - angularjs

What I am trying to accomplish should be straightforward, but since I have no experience in web development I would be more than happy to get some insights on best practices to accomplish user redirection from the home page to the dashboard if the user is logged in.
Home page is a static WordPress site which is run in a docker container.
Dashboard is a single page application developed with AngularJS.
Nginx is used as a reverse proxy.
Authentication is basically a JWT. When the user logs in, the JWT is stored in a cookie.
If cookie is set user should be redirected to dashboard. Otherwise home page should be returned.
Should I configure Nginx to check for a cookie when accessing domain.com/ and redirect to app.domain.com if cookie exists?

What you are describing is a scenario where you need to go to the home page and check whether the user is authenticated there, and redirect (before showing the home page) if the user is authenticated, from within the home page code.


Navigating to deep route not working in case of Angular application

I have an Angular application with URL: https://abc.xyz.com hosted within Azure App Service. This has a backend API hosted using a separate Azure App Service and a different URL: https://xxx.yyy.com. Both the endpoints are registered with Azure AD. Only authenticated users can log in to the application, and all the requests to the API have to pass the token via the header from the frontend services layer.
Let's say there is a route within the application: https://abc.xyz.com/#!/test/100
Now when I open a new browser instance and try the above URL, it asks me to follow all the steps required for Azure AD authentication and navigates me to the landing page: https://xyz.abc.com instead of https://abc.xyz.com/#!/test/100
In this case I am expecting the user to be navigated to the requested route: https://abc.xyz.com/#!/test/100 instead of taking him to the landing page: https://abc.xyz.com/ after the authentication process.
Can anyone provide their guidance regarding this scenario?

Please check if the points below give some idea.
AFAIK, the default behavior is to redirect the user to the original page, i.e. the redirect URL mentioned in the app registration process, as Microsoft identity basically checks whether the state is protected by Azure AD before the location is changed to a path other than that.
Please check this blog on Redirect to a custom login page when securing your Angular app with MSAL - Waldek Mastykarz to try the page redirect to the path previews required.
You may also try adding another redirect URL of that path in the Azure AD portal.

Azure AD MSAL in iframe

I have a website protected by Azure AD that uses MSAL. I want to access it in an iframe, but it looks like it does not work. Is there a way to make it work? Is it related to the redirect URL or another issue?

You cannot authenticate the user inside an iframe, meaning you cannot use redirect APIs for user interaction with the identity provider.
You can start with creating your own customer page and allow the user to enter the credentials and then authenticate the user. When the user enters their credentials and clicks on login, the server will return OK (if email/password is correct). After that you should save the token in localStorage and then set isAuthenticated = true.
If you are using the Auth code flow, then you should do the authentication in the outer real page, not inside the iframe. Then you will have to log in once you're authenticated. The concept is that you must fully redirect to the Auth pages in Azure AD, not in an iframe.
You can achieve single sign-on between iframed and parent apps with the same-origin and with cross-origin if you pass an account hint from the parent app to the iframed app.
Learn more here
You need to specify in the auth config to allow redirects in IFrame
https://azuread.github.io/microsoft-authentication-library-for-js/ref/modules/_azure_msal_browser.html

How to authenticate Gatsby Site for all pages using passport?

I have a Gatsby-React application in which I have enabled passport authentication with an Express server. How can I enable the passport authentication for all the pages of my Gatsby application? The folder structure is as follows:
app.js //Express server using passport strategy
src/pages/welcome //Passport authentication is called when navigating from this page to profile
src/pages/profile //redirects to this page after authentication
/about //No Authentication
/index.js //No Authentication
src/components //My components folder
gatsby-node.js
...
As you may have noticed, when we try to navigate to the profile page from the welcome page, it authenticates by redirecting to the Express (app.js) server strategy. Subsequently the passport callback redirects to the profile page and it receives the user information. The first wrong thing with this approach is that the app allows me to visit the url.com/profile page when directly giving url.com/profile in the address bar (obviously the profile page will not have the user information).
To handle this I'm planning to require authentication for all the pages (including the home page, about and welcome). So how can I effectively authenticate all the pages (if not authenticated)?
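
The direct-URL gap described in the question above is closed on the server, before any static file is sent. This is an added example, not code from the post: a deny-by-default Express middleware with constructed request/response stand-ins; `LOGIN_PATH`, `PUBLIC_PATHS`, `requireLogin` and `simulate` are assumed names.

```javascript
// Added example: deny-by-default guard for an Express server that serves a Gatsby build.
const LOGIN_PATH = "/auth/login"; // assumed route that starts the passport strategy
// Assumed open routes. Exact matches only: prefix checks are fragile when a
// request path contains dot segments that the static handler later normalizes.
const PUBLIC_PATHS = new Set(["/auth/login", "/auth/callback"]);

// Express middleware signature. passport adds req.isAuthenticated() to each request.
function requireLogin(req, res, next) {
  if (PUBLIC_PATHS.has(req.path)) return next();
  if (typeof req.isAuthenticated === "function" && req.isAuthenticated()) return next();
  // Gatsby loads /page-data/**/page-data.json and JS chunks in the background.
  // Answer those (and non-GET requests) with 401 instead of an HTML redirect.
  if (req.method !== "GET" || /\.(json|js|map)$/.test(req.path)) {
    return res.status(401).end();
  }
  return res.redirect(302, LOGIN_PATH);
}

// Wiring (not executed here, express and passport are not imported):
//   app.use(passport.initialize());
//   app.use(passport.session());
//   app.use(requireLogin);               // must come BEFORE the static handler
//   app.use(express.static("public"));   // Gatsby build output

// Constructed request/response stand-ins so the guard can be exercised under Node.
function simulate(path, loggedIn, method = "GET") {
  const out = { action: null, status: null, location: null };
  const req = { path, method, isAuthenticated: () => loggedIn };
  const res = {
    status(code) { out.status = code; return this; },
    end() { out.action = "end"; },
    redirect(code, url) { out.action = "redirect"; out.status = code; out.location = url; },
  };
  requireLogin(req, res, () => { out.action = "next"; });
  return out;
}
```

Because the guard runs before the static handler, the profile page's HTML and its `page-data.json` are both withheld from a signed-out visitor, whichever way the URL is reached.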

Azure active directory redirects to landing page always

So, I'm developing a React app with Azure Active Directory authentication. The React app internally uses HashRouter. My URL looks like this
https://example.com/#/
Now when the user clicks on this link from an email he would go through the azure authentication and if authorized will be redirected to the landing page which is
https://example.com/#/
However, if the user clicks on a link that looks like https://example.com/#/xyz - this still redirects to https://example.com/#/ and not to the page xyz. I think this is an issue with incorrect replyurls but I'm not sure.
Any help would be appreciated!!
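
Both Azure AD questions above (the `#!/test/100` route and the `#/xyz` route) involve a URL fragment, and a fragment is never sent to the server, so the app has to carry it across the login redirect itself. This is an added example, not from either post and not an MSAL API: it saves the requested hash route before login and restores it once, accepting only in-app routes; `STORAGE_KEY`, the function names and the in-memory storage are assumptions.

```javascript
// Added example: keep a hash-router deep link across an identity-provider redirect.
const STORAGE_KEY = "postLoginRoute"; // assumed key name

// Accept only in-app hash routes such as "#/xyz" or "#!/test/100".
// Absolute URLs, other schemes and odd characters are rejected, so a stored
// value can never steer the post-login step somewhere outside the app.
function sanitizeRoute(hash) {
  if (typeof hash !== "string" || hash.length > 512) return null;
  return /^#!?\/[A-Za-z0-9\-._~\/?&=%]*$/.test(hash) ? hash : null;
}

// Call before starting the login redirect.
function rememberRoute(storage, currentHash) {
  const route = sanitizeRoute(currentHash);
  if (route) storage.setItem(STORAGE_KEY, route);
  else storage.removeItem(STORAGE_KEY);
  return route;
}

// Call once after the login response has been processed. Single use:
// the stored value is removed whether or not it is accepted.
function consumeRoute(storage, fallback = "#/") {
  const stored = storage.getItem(STORAGE_KEY);
  storage.removeItem(STORAGE_KEY);
  return sanitizeRoute(stored) || fallback;
}

// In-memory stand-in for window.sessionStorage so the example runs under Node.
function memoryStorage() {
  const m = new Map();
  return {
    getItem: (k) => (m.has(k) ? m.get(k) : null),
    setItem: (k, v) => void m.set(k, String(v)),
    removeItem: (k) => void m.delete(k),
  };
}

// Constructed walk-through of the flow described in the questions.
function demo() {
  const s = memoryStorage();
  rememberRoute(s, "#!/test/100");   // deep link opened while signed out
  const first = consumeRoute(s);     // back from the identity provider
  const second = consumeRoute(s);    // value was single use
  s.setItem(STORAGE_KEY, "https://evil.example/"); // constructed tampered value
  const tampered = consumeRoute(s);
  return { first, second, tampered };
}
```

In a browser the calls would be `rememberRoute(sessionStorage, location.hash)` before login and `location.hash = consumeRoute(sessionStorage)` afterwards; assigning to `location.hash` rather than `location.href` keeps the navigation inside the current document.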

authentication redirect with offline webapp (gae python, html5)

To GAE+html5 gurus out there :)
When user logs on to a GAE hosted application, his credentials are stored locally in a cookie (correct?).
After this cookie expires (e.g. if the user hits logout on another browser tab), no login_required protected methods will work.
Regular webapp will require re-authentication next time the user navigates to a login_protected url by automatically redirecting to a login screen.
What would be the right way for a cached webapp to be handling this?
My test is a simple login_protected page accessed by Chrome and iOS browser. It's cached and accessible offline as expected. Then, (while online) and after the authentication expires, the server log shows a 302 response which is followed by 200 response of the authentication dialog page, but of course no authentication happens.
Thanks!

If you are using Google authentication to provide access to your page, it means that even if you are logged in to one of the other Google services, your cookie still exists in the browser. login_required will assume that you are logged on based on the cookie. What you are seeing is a redirection to Google's page; that's the 302. If you want, you can manage sessions on your own and check for authentication based on your data in the Datastore. There are a lot of solutions available for both Python and Java.
