Make it possible to change page visibility (Authenticated Vs Anonymous)

[ikteru]

Feature request

The fact that it is possible to change the visibility of the buttons according to the user status is great (authenticated vs anonymous or both).
However, I don't see why it is limited to buttons? How come you can't specify if a user has to be logged in to see a particular page or not?

Example:

Let's say we want to hide the APIs List page from users who are not signed in, and redirect them to the Sign in/Sign up page if they visit said page. After which they get redirected back to where they started, which is the APIs List page.

This is important because, let's suppose we want to share one of the APIs with a client who's interested in trying it out. What you would usually do is send them a link similar to the following:
https://developers.createitreal.com/sandbox#api=wsopenapi
In the case where the client is not signed in, he will be redirected to the Sign in page to sign in, once he does so, he gets redirected back to the page he was trying to visit in the first place.

It would be great if that would be possible even in the case where the client doesn't have account, signs up and get redirected back to the page where he started. But I'm aware it's not going to be easy.

Implementation suggesstion

It would be interestitng to add a visibility field here for each page:

[azaslonov]

Hi @ikteru, right page visibility is not supported yet, but the feature is planned (unfortunately, no ETAs yet).

[azaslonov]

Sorry, accidentally closed it.

[BobbyCGD]

I work for a large organisation which relies on the APIM Portal to create an ecosystem for users. As such we are adding more and more content to our portal every day. We quickly faced the same issue and would love to hear some ideas on how we should go about restricting access to pages for unauthenticated users for the moment until this becomes available through the portal.

[mikebudzynski]

would love to hear some ideas on how we should go about restricting access to pages for unauthenticated users for the moment until this becomes available through the portal.

Current workarounds:

1. Lock down all the content for users who aren't signed-in (all pages) - works for the managed and self-hosted versions. You can change this setting in the "Identities" section settings in the Azure portal.
2. Go with the self-hosted portal and implement a proxy layer, which checks if users are authorized to see the page.

[SteppingRazor]

@mikebudzynski @azaslonov
Guys any updates on this?

[mikebudzynski]

It's on the roadmap. Tentative ETA is 2021.

[ericfran]

Hi, any updates on this?

[mikebudzynski]

We plan to initiate the work on this feature in the second half of 2021.

[mikebudzynski]

We're now working on defining the scope of a feature that will enable content access control in the developer portal. If you're interested in this improvement, please respond to our survey: https://aka.ms/apim/survey/devportal/accesscontrol - your feedback will help us better understand your requirements and design the right solution. The survey closes on Friday, November 5.

[mikebudzynski]

We're now working on defining the scope of a feature that will enable content access control in the developer portal. If you're interested in this improvement, please respond to our survey: https://aka.ms/apim/survey/devportal/accesscontrol - your feedback will help us better understand your requirements and design the right solution. The survey closes on Friday, November 5.

Just a reminder that the survey closes in 2 days.

[kashishm]

@mikebudzynski Any update on this?

[mikebudzynski]

We're now working on this feature. It will likely be released in preview in summer.

[vinh-dc]

For those who need a workaround while waiting for this feature. Add the User Profile widget on to any page you want to lock down. e.g. API List page. The User Profile widget will redirect the user to sign in page if they are not logged in.

Don't forget to turn on Identities

[mark-quickel-msft]

Hello. Can the team (@mikebudzynski) comment on potential availability of this feature, even if in preview? Thank you.

[innoforce-dev]

Desperately needed!

[ahmedsza]

Is any of this available. Also referring to #1247 . Can any of this done if using self hosted. i,e the ability to to control who see what content based on role. If this can be done with self hosted, any samples/docs would be great

[mikebudzynski]

This feature is being implemented and will be rolled out before year-end. It will be supported only in managed portals.

[blyefd]

This feature is being implemented and will be rolled out before year-end. It will be supported only in managed portals.

Will this be limited to authenticated/anonymous, or also at the group/product level? see #1251

[dylfrost]

Has this been implemented? I cannot see any new configs to support this change, could you direct me to somewhere that describes how to set it up?

[azaslonov]

@dylfrost, yes, it is being rolled out. Current ETA for this feature to be available in every region is 2/10.

[ChandrabhanRajbhar]

Hi @mikebudzynski , Can you guide me please on "Sign In" and "Sign out" button on azure developer portal, In our current project we have an azure developer portal where we are facing the issue of Sign In and Sign out visibility issues.

Out Requirement is when a user lands on the azure developer portal home page "Sign In" button should be visible and "Sign out" should be hidden and when user logged in using credentials "Sign out" button should be visible and "Sign In" button should be hidden.

Currently in our developer portal, users are able to log in into the developer portal but the issue is that both "Sign In" and "Sign out" buttons are visible. Here I am sharing the current state of the "Sign In" and "Sign Out" button on the azure developer portal.

We are facing issue from long period of time, please guide how we can resolve this issue.

[BZTan01]

Hi @azaslonov, can you please confirm if this feature has been released, as I could not find any related documentation and release notes about this feature.

In API Dev portal visual editor, I found a configuration option to make a page accessible to 'Everyone' and/or 'Selected User Groups'. In APIM, the default user group type 'Guest' says that 'Guests is a built-in group. Its membership is managed by the system. Unauthenticated users visiting the developer portal fall into this group.'

However, when I tried both the 'Everyone' and/or 'Selected User Groups', I still could not access that page without authentication (Azure Active Directory and Azure Active Directory B2C) and it will redirect me back to the sign in page.

Can you please investigate and advise why I could not make a page accessible by unauthenticated users?