I have configured a token and following are the settings at the Verizon Premium token config for the token generation.
My CDN is pointing to static files on storage account. But apart from home page rest all pages are giving 403 error. I have '/' on the ec_url_allow. I am unable to solve this problem any idea?
• You are getting this 403 error for all the other pages other than the home page because though ‘/’ is allowed in the ‘ec_url_allow’ section in the token configuration section, you will have to define the correct paths in the rule’s engine, enable the token authentication feature and enable the additional token authentication related capabilities.
For the above purpose, you will have to create a rule set to define the asset or path for which you want to apply token authentication with the condition ‘if the URL Path Directory Matches value equals to <directory path>, then the token authentication will take place and be enabled’. To do the same as discussed above, kindly follow the below documentation: -
https://learn.microsoft.com/en-us/azure/cdn/cdn-token-auth#setting-up-token-authentication
As a result, the ‘custom name’ option defined in the ‘Name’ option only contains valid URL characters that defines the name of the query string parameter where Token-Based Authentication will expect a token value. Hence, as per in the example below, the custom name should be specified post enabling the token authentication parameter: -
http://cdn.mydomain.com/secure/asset.html?mycustomname=Token
Thus, you should enable the rule and configure it accordingly to allow the custom path name in it to be able to access the files inherent in that path and avoid the ‘403’ error.
Update : - Kindly check the below snapshots for the modifications in the 'token auth' section of the verizon premium endpoint management: -
Also, do ensure that the custom 'test' blob created for your static website hosted in the storage account is configured for the access level 'Blob (anonymous read access for blobs only)' such that when you are trying to access the content within the 'test' blob, you are able to access it and not interrupted by the blob's access level policy even when the rules engines settings are correct.
The URL that I am forming to access content within the '$web' blob is as follows: -
'https://storageaccountname.blob.core.windows.net/test/ADFS role post-install configuration certificate install.jpg?Tokengenerated'
Please find the below formed rules policy in the rules engine as in below snapshot: -
Thus, configuring a policy as a rule in the rule builder based on the parameters defined in the token auth is necessary for accessing the different pages of the storage account successfully.
Please do make sure that you are not giving the default '$web' path in the rules engine policy because it won't work, thus you will have to create some other custom blob container and give its path in the rules engine as given by me.
