Hi! I am using jekyll build, using liquid template, have my files on github repository and using netlify free plan currently to host my website. I want to put a password for a single project page (single html) since that projects deal with confidential contents. Is it possible to do this with a free plan or do I need a pro plan to do this?
This post would be better suited in the support category, can you change that for me 
If I am correct in what you are trying to do then, yes! This is absolutely possible with Role-based access control with JWT | Netlify Docs
Can you just be extra specific on what you are trying to protect, when you mention āSingle project pageā do you mean just a simple page in the site or a separate site altogether.
Feel free to ask about how you would go about using Role based redirects if you are unsure after reading the docs
Kyle.
Hello Kyle.
Excuse me with me being not specific! And I changed the category from Features to Support as you advised, thanks.
What I want to do is to put a password to the post.html file which draws its content from markdown files from the /_posts/ directory.
Within these 5 markdown files, I only want to put a password on the html file when it draws its content from the last markdown file.
Hey there @jooy 
Welcome to The Community 
Getting involved with Netlify Identity and Role Based Access Control (RBAC) can be extensive and tricky ā I wonder if it may just be too big a fish for your particular use case! Iād recommend looking into just using HTTP Basic Auth in the _headers file. This essentially allows you to define paths on your site and set one/many usernames and passwords that prompt users to enter the correct credentials to view that/those paths. Thereās no fancy login page and no styling, it just uses a browserās built-in Basic Auth login system, but it works great with very little setup.
One note here ā I donāt know if this feature is actually available on free-tier accounts. Netlify Identity and RBAC is, but Iām not sure if this simple HTTP Auth via _headers is. I have an elevated account so I wouldnāt actually be able to tell myself. It seems pretty simple to setup so Iād say give it a go and see if it works!
Hope that helps!
ā
Jon
1 Like
Unfortunately @jonsully, HTTP Auth is not available on the free plan.
Iād be more than happy to walk @jooy through setting up a simple role based redirect.
Hi.
May I ask you what you mean by āsetting up a simple role based redirectā? Excuse me for not understanding it well. I am not a professional developer and am also quite new to Netlifyā¦!
No worries! Of course Iāll explain it thoroughly to you. If there is any terminology I mention that you donāt understand make sure to let me know.
Simply put, role based redirects mean:
-
A user signs up to your identity gateway or is invited by your through the UI.
-
They are assigned role(s) - for example
adminoreditor -
Then what we can do is limit specific pages in our site to a specific role or multiple roles even.
So lets say that we want users with the role of admin to access the admin page in our site. This is how we would go about it:
In our netlify.toml file in the root of our site we can use a boilerplate like this:
[[redirects]]
from = "/admin/*"
force = true
status = 200
conditions = {Role = ["admin"]}
[[redirects]]
from = "/admin/*"
to = "/"
force = true
status = 302
This specific rule tells Netlify to only allow users with the roles of admin to access the page admin or any of its sub pages.
Kyle.
If your target audience is not generally going to disable JS, you can use JS for this.
You can do something like, set a value in localstorage and check for that when the page loads. If the value doesnāt exist, you redirect back to previous page. Not very secure, but gets the job done.
A little more security can be gained by using Firebase authentication, but even that is JS based. But if using JS is not possible, the RBAC is the only option for free tier.
1 Like