+1-888-365-2779
Try Now
More in this section

Forums / Developing with Sitefinity / Log-in page redirection for user without permissions

Log-in page redirection for user without permissions

11 posts, 1 answered
  1. Sachin
    Sachin avatar
    18 posts
    Registered:
    10 Nov 2010
    31 May 2011
    Link to this post
    Hi,

    I just downloaded the Sitefinity 4.1 SP1 and I was trying to see how permissions work. If an anonymous user tries to access a page with permissions granted only to certain group of users, the following message appears on screen. How can I make log-in screen appear there instead?


    Server Error in '/4_1_SP1_Test' Application.

    This type of page is not served.

    Description: The type of page you have requested is not served because it has been explicitly forbidden.     Please review the URL below and make sure that it is spelled correctly.

    Requested URL: /4_1_SP1_Test/resources


    Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.0.30319.1
  2. Boyan Barnev
    Boyan Barnev avatar
    1429 posts
    Registered:
    19 Sep 2016
    01 Jun 2011
    Link to this post
    Hello Sachin,

    This behavior is by design - if a user does not have view rights over a page he/she will normally be presented with 403 Forbidden error. What you can do is to set up the customErrors element in you web.config to automatically redirect you to the login screen when a user who lacks the proper permissions is trying to access a certain page. Please refer to the sample below:
    <customErrors mode="On">
      <error statusCode="403" redirect="~/Sitefinity/Login" />
    </customErrors>


    Best wishes,
    Boyan Barnev
    the Telerik team
    Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
  3. Anthony
    Anthony avatar
    17 posts
    Registered:
    21 May 2003
    01 Jun 2011
    Link to this post
    Hi Boyan,

    Thanks for this, how would you change the login page for different parts of the site, in standard asp.net you could place a different web.config file in the folders of the site and specify a new 403 element, how can this be achieved in 4.1?

    Anthony
  4. Boyan Barnev
    Boyan Barnev avatar
    1429 posts
    Registered:
    19 Sep 2016
    01 Jun 2011
    Link to this post
    Hi Anthony,

    Can you, please, give me an example of the exact use case scenario where you want this functionality implemented so I can give you a better advice? If you want to have this only for anonymous users, you might simply use the sample user control I've attached to this reply, which can be dropped on any page and redirects anonymous users to the redirect page specified in the contorl, allowing you to set up different login pages for each page you have the control on. Please let me know if the functionality you demand is different.

    Kind regards,
    Boyan Barnev
    the Telerik team
    Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
  5. Anthony
    Anthony avatar
    17 posts
    Registered:
    21 May 2003
    01 Jun 2011
    Link to this post
    Hi Boyan,

    Yes your attached control would give the solution but wouldn't integrate all of Sitefinity roles/permissions power.

    Basically i was looking for something similar to the following

    Section 1
    -- Home  (Template A)
    -- restricted page  (Template A) --> section 1 login (Template A)

    Section 2 
    -- Home (Template B)
    -- restricted page (Template B) --> section 2 login (Template B)

    Both of these logins use the same logic/control but are just in different areas of the site so may use a different template
  6. Boyan Barnev
    Boyan Barnev avatar
    1429 posts
    Registered:
    19 Sep 2016
    01 Jun 2011
    Link to this post
    Hello Anthony,

    I saw that coming :) In that case, you can utilize the built-in Sitefinity logic which handles roles/permissions and use customErrors to chatch the 403 and redirect to one page always. Then on that page you can simply implement some logic that checks where the redirect is coming from (e.g. HttpContext.Current.Request.Url.ToString().Contains("SectionName") ) and redirect the user accordingly to the desired section login page.

    Greetings,
    Boyan Barnev
    the Telerik team
    Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
  7. Anthony
    Anthony avatar
    17 posts
    Registered:
    21 May 2003
    01 Jun 2011
    Link to this post
    Hi Boyan,

    Yes that would be a better solution, what is your preferred method to 'implement some logic',

    i know you could just create a user control and drop that on but what about using the code behind method recently introduced in 4.1, i haven't see any implementation examples of this, is this a better solution that dropping a control on, could you provide a small code behind example as i havent seen it done before?

    Cheers
    Anthony
  8. Sachin
    Sachin avatar
    18 posts
    Registered:
    10 Nov 2010
    01 Jun 2011
    Link to this post
    Hi Boyan,

    Thanks for the reply. I was actually referring the front-end access of the website when I said 'log-in screen for users'. I should have made it clear. I have a log-in page with a Sitefinity log-in control in it. I added this page to the redirect of 403 error in the web.config. It's fine until here but the log-in page doesn't redirect them to the page they initially seeking for. I searched Sitefinity website for this and found out the 'aspxerrorpath' handling will be taken care of in Q2. Until then, is there any work around for that? Users with permissions for that page should get redirected to page they were trying to access and ones with don't should get message mentioning that they don't have enough permissions to view the page.
  9. Boyan Barnev
    Boyan Barnev avatar
    1429 posts
    Registered:
    19 Sep 2016
    02 Jun 2011
    Link to this post
    Hi,

    @Sachin:  It's possible to configure this in an application-wide settings class, i.e. Global.asax, where you could say:
    protected void Application_Error(object sender, EventArgs e)
           {
               var currentPage = HttpContext.Current.Request.Url.ToString(); //.Split('/').Last();
               Exception ex = Server.GetLastError();
               if (ex is HttpException)
               {
                   HttpException httpEx = ex as HttpException;
                   if (httpEx.Message == "You are not authorized to access this page")
                   {
                       Response.Redirect("~/Test?returnurl=" + currentPage);
                       Server.ClearError();
                   }
               }
           }
    Which will automatically reidrect you to the page where you came from, but did not have permissions to browse.

    @Anthony,  can you, please specify what you mean by "code-behnid method" for Sitefinity pages, as I'm not quite sure what we're talking about here. When I suggested you the approach in my last reply I was thinking more of  creating a simple user control, you can actually refer to the sample above on how to get the page which redirected you to the login page.



    Best wishes,
    Boyan Barnev
    the Telerik team
    Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
    Answered
  10. Chanan Zass
    Chanan Zass avatar
    123 posts
    Registered:
    21 Aug 2012
    17 May 2012
    Link to this post
    See next post.
  11. Chanan Zass
    Chanan Zass avatar
    123 posts
    Registered:
    21 Aug 2012
    17 May 2012
    Link to this post

    In version 5.0.2080 the error code I get when page is protected is -2147467259 (file does not exist).
     
    Permissions set on the pages in question allow access only to "authenticated" users.
    This puzzling error is obviously produced by Sitefinity, which considers the page as non-existent once it does not have permissions to display it.
     
    Setting global.asax to redirect to the log-in page, sends visitors to the log-in page also when page really does not exist.

    Hope this will be fixed in version 5.1.
     
     

11 posts, 1 answered