Restrict all of app to logged-in users

axiao3 · April 25, 2022, 4:31pm

Hi All,

I am new to the Anvil. I followed the instruction “Using your own Azure Active Directory” and I want to restrict all of app to logged-in users.

My codes in my client-side are showed below:

anvil.microsoft.auth.login()
if anvil.microsoft.auth.get_user_email() is None:
      anvil.users.AuthenticationFailed()

It returns None if the user dismissed the login form. However it does not restrict the users’ access to the app. Can anyone help me sort it out?

Sorry for the silly question. Thanks in advance for your help.
Ang

p.colbert · April 25, 2022, 4:36pm

What do you want your App to do (instead of what it’s currently doing), after it does this:

?

axiao3 · April 25, 2022, 4:52pm

After this, I want the users back to the log in page if the authentication is “None”.

p.colbert · April 25, 2022, 6:41pm

So it would be open_form(my_startup_form), whatever your startup form is?

lsaenz9104 · April 25, 2022, 7:48pm

The Alert component has an arguement dissmissible which can be set to false.

If you set it to false, then you can only close it by raising the 'x-close-alert' event in your conditional.

eli-anvil · April 27, 2022, 3:58pm

Hi @axiao3 !

You can conditionally set your UI elements to be visible depending on the result of your login call, so for example:

self.my_ui_element.visible = False
anvil.microsoft.auth.login()
if anvil.microsoft.auth.get_user_email() is not None:
    self.my_ui_element.visible = True

This will then only show elements of your Form if the user has successfully logged in, and will not show them if they dismiss the alert.

However, it’s worth mentioning that anything in your client code is potentially accessible to the user (and therefore potentially manipulable by them), so you’ll still want to make sure that you perform any security checks on the server before running any restricted actions. See the docs here: