I am having a problem with creating secure pages.
I create a simple site with the following simple structure:
All the pages are visible to annonymous apart from privatepage and very private page.
The logon page was created by simply dragging in the logon control from the available login controls within the admin system.
i have two users, administrator and bob. bob is not a member of any roles.
After denying anoymous access to the two private pages i do not initally give the role 'everyone' a view permission. So at this point nobody should view these pages.
If i now view my site my navigation shows links to three pages
this seems fine. If i try to access one of the private pages directly I am redirected to the page :http://localhost/Mysite/sitefinity/login.aspx?ReturnUrl=%2fMysite%2fprivatePage.aspx
If i now log on with the account bob I receive the error '
This type of page is not served.
This is fine as have not given 'everyone' permission to access this page.
However if i instead visit 'login.aspx' and use the login usercontrol to login with the same account 'bob', I can not access any of the private pages.
It seems if i use the /sitefinity/login.aspx page to login evrything works as expected, but if i use a page created in the cms which contains the login control i seem to have the ability to access any page i like, regardless of permissions.
I also noticed if i return to the admin and give one of the private pages 'everyone' view permission, when i then log into the site through the /sitefinity/login.aspx page , this page is now added to my navigation. I will now see:
however if i login using the login.aspx page with the account bob i still only see the links in the navigation:
however i can still access both privatepage.aspx and veryprivatepage.aspx
if i type them in directly.
Is this a bug with the login usercontrol or am i using it incorrectly somehow?