I'm working on hosting Doxygen documentation using an Azure Static Web App in my company. I've set up an Azure DevOps pipeline to automatically deploy the files to Azure. Here's what I've achieved so far:
- Configured app registration and enterprise app to restrict access to authenticated users from my company's Azure Active Directory tenant.
- Limited access to specific groups within the enterprise app, and this part is working as expected.
Goal:
I need to restrict access to specific HTML pages based on AAD groups. For example:
- Index.html → Accessible to all authenticated users
- Venus.html → Only accessible to the Venus team group
- Pluto.html → Only accessible to the Pluto team group
What I've Tried:
- Created roles in Azure AD and assigned them to the relevant groups.
- Configured staticwebapp.config.json as follows:

```json
{
  "routes": [
    {
      "route": "/pluto*",
      "allowedRoles": [
        "pluto"
      ]
    },
    {
      "route": "/venus*",
      "allowedRoles": [
        "venus"
      ]
    },
    {
      "route": "*",
      "allowedRoles": [
        "authenticated"
      ]
    }
  ],
  "responseOverrides": {
    "401": {
      "statusCode": 302,
      "redirect": "/.auth/login/aad"
    }
  },
  "auth": {
    "identityProviders": {
      "azureActiveDirectory": {
        "registration": {
          "openIdIssuer": "/<redacted>/v2.0",
          "clientIdSettingName": "AZURE_CLIENT_ID",
          "clientSecretSettingName": "AZURE_CLIENT_SECRET"
        }
      }
    }
  }
}
```
However, this is not working as expected. When members of those groups try to access those pages, it doesn't let them in; it says access is restricted.
Additional Information:
- I'm using Azure Active Directory as the authentication provider.
- Roles were assigned through the enterprise app's Users and Groups settings.
- I cleared the browser cache.
Question:
How can I correctly restrict access to these pages based on AAD groups? Is my approach to using roles in staticwebapp.config.json correct, or should I take a different approach, like creating a separate static web app for each project?
Any help would be greatly appreciated!
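
A diagnostic for the symptom described in the question, as an added example that is not part of the original post: it compares the roles the platform reports for the signed-in user against the `allowedRoles` of the route that matches a path. It assumes the `/.auth/me` response carries a `clientPrincipal.userRoles` array; the sample principal is constructed, and the matcher is a simplified model (first matching rule wins, only a trailing `*` wildcard is handled).

```javascript
// Added example: simplified model of Static Web Apps route authorization.
// Assumptions: rules are checked in order and the first match wins; only a
// trailing "*" wildcard is modelled; roles come from clientPrincipal.userRoles.

// The routes from the question's staticwebapp.config.json.
const routes = [
  { route: "/pluto*", allowedRoles: ["pluto"] },
  { route: "/venus*", allowedRoles: ["venus"] },
  { route: "*", allowedRoles: ["authenticated"] },
];

// Constructed sample of a /.auth/me response for a signed-in user who holds
// only the built-in roles (no custom "pluto" or "venus" role).
const samplePrincipal = {
  clientPrincipal: {
    identityProvider: "aad",
    userId: "00000000000000000000000000000000",
    userDetails: "user@example.com",
    userRoles: ["anonymous", "authenticated"],
  },
};

// Return the first rule whose route matches the path, or null.
function matchRoute(path, rules) {
  return rules.find(({ route }) =>
    route.endsWith("*") ? path.startsWith(route.slice(0, -1)) : path === route
  ) || null;
}

// Report whether the roles held by the principal satisfy the matching rule.
function checkAccess(path, authMe, rules = routes) {
  const rule = matchRoute(path, rules);
  // A missing principal is treated as an anonymous visitor.
  const held = authMe?.clientPrincipal?.userRoles ?? ["anonymous"];
  if (!rule || !rule.allowedRoles) {
    return { path, rule: null, allowed: true, missing: [] };
  }
  const allowed = rule.allowedRoles.some((r) => held.includes(r));
  return { path, rule: rule.route, allowed, missing: allowed ? [] : rule.allowedRoles };
}

for (const p of ["/index.html", "/pluto.html", "/venus.html"]) {
  console.log(checkAccess(p, samplePrincipal));
}
```

To use it against a real session, load `/.auth/me` in the browser while signed in and pass the parsed JSON as the second argument; a non-empty `missing` list names the role the platform does not report for that user.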