routes.json to protect entire site

Banister, Dominic 1 Reputation point

Hi, I'm using Azure Static Web Apps and I'm trying to protect an entire site so that all users have to be authenticated (invited and logged in) to be able to open any part of the site.

The routes.json I have right now is:

"routes": [
"route": "/index.html",
"allowedRoles": ["authenticated"]
"route": "/*",
"serve": "/index.html",
"statusCode": 200

But that seems to allow anynymous connections still

Can anyone advise?


Azure App Service
Azure App Service
Azure App Service is a service used to create and deploy scalable, mission-critical web apps.
6,520 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Grmacjon-MSFT 14,286 Reputation points

    Hi @Anonymous ,

    Thanks for your patience. Routes are secured by adding one or more role names into a rule's allowedRoles array.

    based on what you shared, you have "allowedRoles": ["authenticated"] but you don't have an authorization provider-specific login route. for example, You can add a route rule like this

      "route": "/login",  
      "serve": "/.auth/login/github"  

    to map a authentication-authorization default provider to a friendly route like /login. See the example route file for details.

    Please let us know if you have further questions


    0 comments No comments

  2. Banister, Dominic 1 Reputation point

    That worked; thanks very much!

    I guess to have an authentication page I would make Index.html be a login page with links to login to GMail or Office365 (for example) and then those links would point to the relevant /.auth/login provider in my routes.json?