Password protect entire website - Basic Authentication

[Misiu]

When creating a prototype website you want to restrict access to websites using Basic Authentication (and IP filter). Currently, we can use many providers (https://docs.microsoft.com/en-us/azure/static-web-apps/authentication-authorization) to add login logic to our app, but I didn't found any info on how to restrict access to the entire website with a password.

Netlify allows that: https://docs.netlify.com/visitor-access/password-protection/ Vercel (Zeit) also supports that: https://vercel.com/blog/protecting-deployments

If there is a way to add basic authentication please let me know. If not, then please consider this feature request.

[jgrams]

I'm searching for code solutions to this problem and ended up here!

[Misiu]

@miwebst can we have an update on this?

[miwebst]

Hi @Misiu

I dont have any updates on this right now, we've added this to our backlog but I dont have an ETA's on when this will be available.

Thanks,

Mitch

[Misiu]

Thanks for the update

[kitmccormick-22ops]

My client needs this, too.

[acdvs]

I think this functionality is a necessity — especially since the SWA workflow emphasizes the use of live staging environments. It would be great to password-protect the staging environments while they are being finalized.

[komayama]

I added .htaccess and .htpasswd for activation Basic Authentication on Static Web Apps but I think Static Web Apps doesn't have basic auth feature. We need this feature for set development and staging environment because the crawler can't get page and need more simple auth process.

[ghost]

Got any Updates (or) ETA

Its very helpful to have Basic Auth feature, Static web Apps are now in General Availability, We might protect a version of website when using custom domain some how but as we have no access to azurestaticapps.net subdomain search engines might index these URL's. Authentication and Authorization is great but anything simple is better

[anthonychu]

We're working on this feature but no ETA to share at this point.

However, we are also working on adding support for selecting one hostname as the "default" hostname. When configured, all traffic to other hostnames for the static web app will be redirected to its default hostname. This, in combination with adding canonical URLs to your pages, should provide you with the functionality you need to prevent search engines from indexing other hostnames associated to your site.

@miwebst might have better timelines to share for these features.

[GuillaumeDeconinck]

Hello there 🙂

I was wondering if there was any news on this feature as it seems to have been worked on ? Having password protected staging websites (with a simple Basic Auth) definitely helps.

On AWS, people do it by having an edge lambda executed before hitting the bucket, thus enforcing a Basic Auth by using a JS lambda which checks the headers. I don't know if it's something that could be a solution here for this ?

Thanks in advance

[markdeloura]

Just chiming in on this too. Something simple and dumb for basic password auth for static web apps would sure be great. I've been using Netlify for development with simple password protection, but my client is using Azure and wants the same functionality. Doesn't appear to be an easy way to do it... we could probably build something out with Azure Functions I suppose, but argh.

[miwebst]

This is now in public preview! Try it out and let us know what you think! https://azure.microsoft.com/en-us/updates/public-preview-protect-azure-static-web-apps-environments-with-a-password-2/

[markdeloura]

Woo! That works great, thank you!

[miwebst]

Closing this issue as the feature is now released!