Wappler helps you easily restrict access to your pages and redirect users with insufficient privileges
After you created your login page, now you will learn how to restrict access to your pages.
Step 5: If you need to restrict access and enable access only for users belonging to a certain access level, then select it.
We want to allow access for all the logged in users, so we don’t select any permission here:
What if the server model has been set to NodeJS? Do I have a way to secure pages under this server model or my only option is to create my full project using a server model type PHP or ASP.NET? It does sound strange to me, that we cannot secure pages if we use NodeJS, is there something that I am missing?
Thanks for the pointer, I have tried to implement it and while I had great results with the protection of a database query, I am struggling to protect a whole STATIC page, where the page content itself should not be shown to unauthorized users, again I am referring to the page itself, not the dynamic data generated by an SQL query.
As you can easily see, I am trying to restrict access to the page called “staticSecretContent.html”.
In order to achieve my expected result, I have used Server Connect and connected the page to the Action “redirectUnauthorized”, NOTE that I have set the property Login URL to the login page, so I am EXPECTING (but it does not work) that if the user is not authorized, the user is redirected to the login page. The action is very simple and it consists in a simple Security Provider step and the following step is the Security Restrict. For simplicity, the Security Provider is of Type Single and the user and password is declared within the Security Provider as follow:
Unfortunately, instead of having unauthorized users redirected to the login page, the “staticSecretContent.html” is shown in full.
From the browser developer tools I can see that the application is calling the page login as expected, however it is using an XHR redirect that is not returning any visible content as such the restriction is not effective and it is not producing the expected result, which I repeat is to fully protect the static page content.
I have tried with EJS files as well, but with the same results, I can only Restrict Database queries so a portion of the page, the dynamic content portion, is not shown, but the static one is still fully displayed and that’s exactly what I need to restrict.
Furthermore, the Security Restrict is EXECUTED and ENFORCED, so it is not a problem of EJS or HTML pages, the problem is that instead of loading the /login page, it is called in the background and the Security Restrict is not REDIRECTING as it should do to the /login page.
Unfortunately, despite accordingly to the Security Restrict step, this page should not be shown and the user should be redirected to /login, the page is fully displayed and user is NOT redirected to /login.
Securing the page is not done with a server connect element… click on the app element and attach using the server side properties, as shown in the tutorial.
I cannot believe there is no simple way to secure a HTML and/or EJS page, so the page is not displayed at all and the user is redirected to a login page first…