Radzen App, Default Security, 1 totally umprotectexc (open to all) page. Possible?

Greetings.
Simple app, lots of data entry protected by default security.

We think of having a "Search" page that is open to anyone (i.e. anonymous users not going through the login process at all) to allow read access to some of the data.

Naturally, the 1st error at the console is:

ERROR Error: Uncaught (in promise): Error: Cannot match any routes. URL Segment: 'login'
Error: Cannot match any routes. URL Segment: 'login'

and it goes on fromt here. All data asource methods are also "401 (Unauthorized)" .

Anything we could try to have this "open page" accessible?

Cheers

Hi @GregMu,

You can check the Security help article which shows how to specify what users can access a page.

This is expected to happen if they are decorated with the Authorize attribute. It needs an authenticated user.

This "OPEN" SEARCH Page is marked for access with "Everybody".
All the rest are marked for access only by the Role that has rights to them.
Thery are also "hidden" behind teh login page where access is granted based on the roles.

The SEARCH is not supposed to require any authentication, so it is marked for access by everybody.
I can navigate to it (there is a route in app.routes.ts) but it does not respond to anything since, as yoou said, all data source methods ARE decorated with the authorize attribute.

So the original question is still valid?

How can I make teh SEARCH page accessible to everybody?
Should I try creating distinct data sourcer methods that are not decortated with Authorize? How would we do that?

Cheers

In this case they can't be invoked on behalf of an anonymous user.

Well, I was going by the Security Help Article that says:

"By default OData controllers are not decorated with [Authorize] attribute. You can decorate them using partial class etc., etc."...

And since I did nothing intenttional to "decorate" them so I was looking for some insight/issue. I assume that when default security is enabled they are all decorated by default now?

And I should use partial classes to "undecorate" the ones I need for free access?

OData controllers are decorated with the Authorize attribute if session refresh is enabled in the security settings.

Thanks! Important info here. And a corollary question:

IIRC, from some previous thread - may be outdated now - , the session refresh interval is not reset if one is working, it will end the session at the specified time always.

Any obvious way we can logout the authenticated user immediately if he closes the browser?

There is a new feature in Radzen's security which refreshes the session automatically. It is a checkbox in the security settings.