How can we improve Azure API Management?

Ability to delegate security on Content pages

We like to provide additional information to our authorized users in a more secure manner.
Anonymous guests shouldn't be able to see any and all Content that has been created.

15 votes
Vote
Sign in
(thinking…)
Sign in with: Microsoft
Signed in as (Sign out)
You have left! (?) (thinking…)
Jonathan Richmond shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

1 comment

Sign in
(thinking…)
Sign in with: Microsoft
Signed in as (Sign out)
Submitting...
  • Tom Schulte (Plex Systems) commented  ·   ·  Flag as inappropriate

    Content, including custom content, blogs, and media library, can be accessed without logging into Dev Portal, once someone knows the URL. This causes consternation for my colleagues in Production Management. Core areas like APIs are secured, If someone is not logged in the response is:

    Sorry, we can’t find the page you are looking for​
    Potential cause
    The link you have clicked on may be old and not point to the correct location anymore.
    You may have misspelled the URL if you typed it in.​

    Potential solution
    Try retyping the URL.
    Liquid error: parsing "{0}" - Quantifier {x,y} following nothing.
    Liquid error: parsing "{0}" - Quantifier {x,y} following nothing.

    This leads to a few questions:

    1. What is with this message only a machine could love? "Liquid error:..."
    2. Is there a way to implement a custom HTML page so that it respects the logged in user as the APIs list does. Can this be done with layers?
    3. Is there a way to implement a blog so that it respects the logged in user as the APIs list does. Can this be done with layers?

    Is there a way to use media library so that that content respects the logged in user as the APIs list does. It does not seem like layers would be relevant here. I am not talking about the page displaying the media content but direct request to the content .../.jpg .../.pdf whatever

    NOTE: I have links to content going through an authenticated layer and this prevents the link from displaying without logging in, but I am talking about users going right to a link like /blog or content like /...pdf without seeing a link and clicking it.

Feedback and Knowledge Base