File Security Permissions for NotAuthenticatedUser

Hello,

I’m having an issue figuring out security permissions - I’m trying to restrict certain file paths so that they cannot be accessed by not authenticated users. I have a folder restricted as below:

However, when I try to call these files on page loading they are restricted, even though the user is logged in and should be able to call these files.

Why is the server blocking the call when the user is Authenticated and should be able to access?

Thank you

Hi @G1299,

What response does the server return to a request to read a file?

Regards,
Marina

Hi Marina, it responds with a status 400 (Bad Request).

@G1299,

It seems to me that your issue is not in the permissions but in the route. What response do you have if you grant the permission?

Regards,
Marina

If I grant Read permission to NotAuthenticatedUser the file reads and everything loads correctly.

Confused on why it's routing through the NotAuthenticatedUser route instead of AuthenticatedUser when the console shows user type as Authenticated.

@G1299

Please provide us with your appId and steps on how we can reproduce the issue.

Regards,
Marina

AppID: B46B9599-0927-5212-FF01-2D3539543E00

After logging in under the “Marketplace” page is where the images are read.

Hello, @G1299. Thank you for the information.

We will check into this issue.

Regards, Nikita.

Great, thank you Nikita!

An additional note - I do have cookie-based authorization enabled as well.

In the console it does not appear that the authorization cookie is getting generated after logging in.

Hi @G1299

I have one more request for you. Please create a test user in your application so that we can try logging in with their credentials and reproduce the issue.

At the moment, our preliminary assumption is that there might be something wrong with the cookie setup. I haven’t been able to reproduce your issue in my own application.

Regards,
Viktor

Hello @G1299!

Apologies for the inconvenience.
I’ve created a ticket to investigate this issue.
We’ll keep you updated in this thread once the issue is resolved.

Regards,
Alexander

Great, thanks for looking into this Alexander.

Hi @G1299,

The problem in your case was caused by the fact that in the UI Builder settings you selected different domains for API calls and file retrieval. This led to a situation where the auth cookie, which was obtained during login, was considered a 3rd-party cookie and was blocked by the browser.
I have updated the UI Builder settings in your app to use your custom domain in both cases, and the problem has gone after that.

Could you please try and confirm that the problem is gone on your side?

Regards, Andriy
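
The cause described above, as an added example that is not part of the original thread and not Backendless code: a small JavaScript model of whether the login cookie is stored and then sent with file requests. The host names, the config shape, the host-only cookie and the two-label "site" rule are assumptions made for the illustration.

```javascript
// Added illustration, not Backendless code. Assumptions: the auth cookie is
// host-only (no Domain attribute), and "site" is the last two host labels
// (real browsers use the Public Suffix List instead).
function site(host) {
  return host.toLowerCase().split('.').slice(-2).join('.');
}

// Hypothetical config: page host plus the hosts chosen for API calls and files.
function traceAuthCookie({ pageHost, apiHost, filesHost, blockThirdParty = true }) {
  const notes = [];

  // Step 1: the login response from apiHost tries to set the auth cookie.
  // If apiHost is on a different site than the page, the cookie is third-party.
  const loginCrossSite = site(apiHost) !== site(pageHost);
  const stored = !(loginCrossSite && blockThirdParty);
  notes.push(stored
    ? `cookie from ${apiHost} stored`
    : `cookie from ${apiHost} is third-party to ${pageHost}: blocked`);

  // Step 2: a file request goes to filesHost. A host-only cookie is sent
  // only to the exact host that set it; when the hosts match, the
  // first-party check is the same one already made in step 1.
  const sameHost = filesHost.toLowerCase() === apiHost.toLowerCase();
  const sent = stored && sameHost;
  if (stored && !sameHost) notes.push(`cookie is scoped to ${apiHost}, not ${filesHost}`);

  // Without the cookie the file service sees an anonymous caller.
  return { stored, sent, servedAs: sent ? 'AuthenticatedUser' : 'NotAuthenticatedUser', notes };
}

// Constructed host names (reserved .example TLD), not taken from the thread.
const split = { pageHost: 'app.customer.example', apiHost: 'api.provider.example', filesHost: 'app.customer.example' };
const unified = { pageHost: 'app.customer.example', apiHost: 'app.customer.example', filesHost: 'app.customer.example' };

for (const [name, cfg] of Object.entries({ split, unified })) {
  const r = traceAuthCookie(cfg);
  console.log(name, '->', r.servedAs, '|', r.notes.join('; '));
}
```

In the browser, the same check is to look at the login response in the network panel and see whether the `Set-Cookie` header is flagged as blocked, then confirm the file request carries a `Cookie` header.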

Hi Andriy,

Yes, that appears to have fixed it! Thank you all very much for the help!