+1-888-365-2779
Try Now
More in this section

Authorization

19 posts, 0 answered
  1. higgsy
    higgsy avatar
    336 posts
    Registered:
    05 Aug 2010
    19 Nov 2010
    Link to this post
    Hi,

    I'm developing a members module. These members need to be able to login to /members/ but they defeinitely must not be able to access /sitefinity/

    Is it possible to simply add another forms configuration element::

    <forms name="membersToken" loginUrl="~/members/login.aspx" timeout="20" protection="All" path="/" requireSSL="false" cookieless="UseCookies" />

    Thanks
    higgsy
  2. Ivan Dimitrov
    Ivan Dimitrov avatar
    16072 posts
    Registered:
    25 Nov 2016
    19 Nov 2010
    Link to this post
    Hello higgsy,

    1. The module is located in the backend which means the users should be able to get access to /Sitefinity
    2. You can implement permissions for your module and deny access to all other modules for a given role except for your "members" module
    3. You can implement front end management for your module and its items.

    All the best,
    Ivan Dimitrov
    the Telerik team
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
  3. higgsy
    higgsy avatar
    336 posts
    Registered:
    05 Aug 2010
    19 Nov 2010
    Link to this post
    Hi Ivan,

    I definitely do not want users to access sitefinity. I am writing a form on the front end, and using the ContentManager I should be able to use the Content Manager, get the record which matches the logged in user and then update the record - this was the advice I was given previously in the forum. Does that make sense?

    So to acheive this I want them to login to /members/ - is this not possible? It's really importan tthey do not have access to the /sitefinity directotyr.

    Thanks
    higgsy
  4. Ivan Dimitrov
    Ivan Dimitrov avatar
    16072 posts
    Registered:
    25 Nov 2016
    19 Nov 2010
    Link to this post
    Hello higgsy,

    You can authenticate the users before they reach your form and bind the public user control depending on the role of this user.

    Regards,
    Ivan Dimitrov
    the Telerik team
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
  5. higgsy
    higgsy avatar
    336 posts
    Registered:
    05 Aug 2010
    19 Nov 2010
    Link to this post
    Hi Ivan,

    Could you provide a little more information than that, in particular:

    1) sitefinity already adds a Forms configuration element:

    <forms name=".ASPNET" loginUrl="~/sitefinity/login.aspx" protection="All" timeout="1440" path="/"/>

    Can I add an additional configuration element for:

    <forms name=".Members" loginUrl="~/members/login.aspx" protection="All" timeout="1440" path="/"/>

    2) The module itself has a metafield which is username. Therefore on the public user control I should be able to use the ContentManager, filter on records that have a Username metafield equal to the currently logged in user, then when the user updates the information I can set the content to stagedcontent so that it appears within the SiteFinity module as "Awaiting approval". Does that seem correct? I am basing this on a previous conversation we have had on the forum.

    Thanks
    higgsy
  6. Ivan Dimitrov
    Ivan Dimitrov avatar
    16072 posts
    Registered:
    25 Nov 2016
    22 Nov 2010
    Link to this post
    Hello higgsy,

    1. You cannot add two forms elements in the web.config
    2. You can use MetaSearchInfo filter which allows you to filter by any metakey you have created. Then get the content (or create it by using ContentManager class) and use the workflow API to send it for approval and then approve it.

    Sincerely yours,
    Ivan Dimitrov
    the Telerik team
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
  7. higgsy
    higgsy avatar
    336 posts
    Registered:
    05 Aug 2010
    22 Nov 2010
    Link to this post
    Hi Ivan,

    Thanks for the response - question 1 was a silly question, apologies!

    I have got the solution working by doing the following:

    1) On the /members/ page I have added the SiteFinity login control
    2) Each page under /members/ I have disabled anonymous access (via the sitefinity admin interface)
    3) On the /members/my-profile.aspx I have used the contentmanager and workflow API - works perfectly.

    I do however have a couple of final questions.

    1) If a user accesses /members/my-profile.aspx without logging in first they are redirected to /sitefinity/login.aspx?ReturnURL=/members/my-profile.aspx. Is it possible to make any requests for pages under the root of /members/ to use the login control on the /members/ home page - I essentially do not want the users knowing there is a sitefinity admin interface.

    2) Is it possible to allow only the "administrators" and "content_editors" roles to login via /sitefinity/login.aspx

    Thanks
    higgsy
  8. Ivan Dimitrov
    Ivan Dimitrov avatar
    16072 posts
    Registered:
    25 Nov 2016
    22 Nov 2010
    Link to this post
    Hi higgsy,

    1. You could check whether the request is authenticated or not. If the request is not authenticated you can redirect the user to a custom login page, otherwise all requests will go to the page set to loginUrl attribute of authentication node in your web.config. If you want you can change this value, but this will affect the website globally.

    2. Go to Administration >> Permissions and deny the CmsAccess for all roles that you do not want to access the backend.

    All the best,
    Ivan Dimitrov
    the Telerik team
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
  9. higgsy
    higgsy avatar
    336 posts
    Registered:
    05 Aug 2010
    22 Nov 2010
    Link to this post
    Hi Ivan,

    Both perfect responses. I've created a very simple user control which can be dragged onto a page, which checks if the user is loggedin and redirects to a certain page if not.

    One last question.

    Can I override the code for the SiteFinity Login Control that is available from within the Toolbox? At the moment it doesnt recognise the parameter ReturnUrl, and I also want to do a check on the user trying to login to ensuire they are part of the members role.

    Thanks
    higgsy

  10. Ivan Dimitrov
    Ivan Dimitrov avatar
    16072 posts
    Registered:
    25 Nov 2016
    22 Nov 2010
    Link to this post
    Hi higgsy,

    Yes you can override the control behavior. The control is located inside Sitefinity/UserControls/Login folder.

    Kind regards,
    Ivan Dimitrov
    the Telerik team
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
  11. Mart
    Mart avatar
    66 posts
    Registered:
    10 Aug 2006
    01 Dec 2010
    Link to this post
    Hello Higgsy,

    Is it possible to share you solution with us?

    Thanks,

    Mart
  12. higgsy
    higgsy avatar
    336 posts
    Registered:
    05 Aug 2010
    02 Dec 2010
    Link to this post
    Hi Mart,

    No problem. As I am creating a module you will notice the code is all part of a namespace.

    AppCode/MemberLogin.cs
    using System.Web.Security;
    using System.Web.UI.WebControls;
    using Telerik.Cms.Web.UI;
    using Telerik.Cms.Engine;
    using System.Web.UI.HtmlControls;
    using Telerik.Workflow;
    using System.Web.Profile;
    using System.Web.UI;
    using System.ComponentModel;
    using System;
     
    namespace App_Code.Modules.Members.MembersModule.WebControls.Public {
        /// <summary>
        /// Summary description for MemberLogin
        /// </summary>
        public class MemberLogin : SimpleControl {
             
            public MemberLogin() {}
     
            #region Fields
     
            private string _strSectionHyperLink;
     
            #endregion
     
            #region Properties
     
            public override string LayoutTemplatePath {
                get { return "~/lib/controls/membersModule/frontend/MemberLogin.ascx"; }
            }
     
            [Category("Misc")]
            [Description("Select the page this section should link to")]
            [DisplayName("Page: ")]
            [WebEditor("Telerik.Cms.Web.UI.CmsUrlWebEditor, Telerik.Cms")]
            public string sectionHyperlink {
     
                get {
     
                    return this._strSectionHyperLink;
     
                }
     
                set {
     
                    this._strSectionHyperLink = value;
     
                }
     
            }
     
            #endregion
     
            #region Method_Overrides
     
            protected override void InitializeControls(System.Web.UI.Control controlContainer) {
     
                //set login control properties
                this.oLogin.DestinationPageUrl = this.Context.Request.QueryString["ReturnUrl"];
                this.oPasswordRecoveryHyperlink.NavigateUrl = this._strSectionHyperLink;
                this.oPasswordRecoveryHyperlink.Text = "Retrieve password";
                this.oLogin.LoginError += new System.EventHandler(oLogin_LoginError);
     
                base.InitializeControls(controlContainer);
            }
     
            //this simple piece of code prevents the composite control from creating a <span></span> wrapper
            protected override void Render(HtmlTextWriter writer) {
                RenderContents(writer);
            }
     
            protected override void OnLoad(System.EventArgs e) {
     
                base.OnLoad(e);
     
                //add css and js to head of document
                HtmlLink oUniFormCss = new HtmlLink();
                oUniFormCss.Attributes.Add("href", "/lib/plugins/uni-form/css/uni-form.css");
                oUniFormCss.Attributes.Add("rel", "stylesheet");
                oUniFormCss.Attributes.Add("type", "text/css");
                oUniFormCss.Attributes.Add("charset", "utf-8");
                oUniFormCss.Attributes.Add("media", "screen");
                this.Page.Header.Controls.Add(oUniFormCss);
     
                HtmlLink oUniFormDefaultCss = new HtmlLink();
                oUniFormDefaultCss.Attributes.Add("href", "/lib/plugins/uni-form/css/default.uni-form.css");
                oUniFormDefaultCss.Attributes.Add("rel", "stylesheet");
                oUniFormDefaultCss.Attributes.Add("type", "text/css");
                oUniFormDefaultCss.Attributes.Add("charset", "utf-8");
                oUniFormDefaultCss.Attributes.Add("media", "screen");
                this.Page.Header.Controls.Add(oUniFormDefaultCss);
     
            }
     
            void oLogin_LoginError(object sender, System.EventArgs e) {
     
                HtmlGenericControl oMessageContainer = new HtmlGenericControl();
                oMessageContainer.TagName = "p";
                oMessageContainer.Attributes.Add("class", "fontRed");
                oMessageContainer.InnerText = this.oLogin.FailureText;
                this.Controls.Add(oMessageContainer);
                 
                //add the control to the page
                this.oLoginMessagePlaceHolder.Controls.Add(oMessageContainer);
     
            }
     
            #endregion
     
            #region Virtual_Controls
     
            protected virtual Login oLogin {
                get {
                    return base.Container.GetControl<Login>("Login1", true);
                }
            }
     
            protected virtual PlaceHolder oLoginMessagePlaceHolder {
                get {
                    return this.oLogin.FindControl("plhLoginMessage") as PlaceHolder;
                }
            }
     
            protected virtual Literal oFailureTextLiteral {
                get {
                    return this.oLogin.FindControl("FailureText") as Literal;
                }
            }
     
            protected virtual HyperLink oPasswordRecoveryHyperlink {
                get {
                    return this.oLogin.FindControl("hplPasswordRecovery") as HyperLink;
                }
            }
     
            #endregion
     
        }
     
    }

    MemberLogin.ascx
    <%@ Control Language="C#" ClassName="MemberLogin" %>
    <asp:Login ID="Login1" runat="server">
        <LayoutTemplate>
            <h3>Login</h3>
            <asp:PlaceHolder ID="plhLoginMessage" runat="server" />
            <div class="uniForm">
                <fieldset>
                    <div class="ctrlHolder">
                        <asp:Label ID="UserNameLabel" runat="server" AssociatedControlID="UserName">User Name:</asp:Label>
                        <asp:TextBox ID="UserName" runat="server" CssClass="textInput"></asp:TextBox>
                        <asp:RequiredFieldValidator ID="UserNameRequired" runat="server" ControlToValidate="UserName" ErrorMessage="* required" ToolTip="User Name is required."></asp:RequiredFieldValidator>
                    </div>
                    <div class="ctrlHolder">
                        <asp:Label ID="PasswordLabel" runat="server" AssociatedControlID="Password">Password:</asp:Label>
                        <asp:TextBox ID="Password" runat="server" TextMode="Password" CssClass="textInput"></asp:TextBox>
                        <asp:RequiredFieldValidator ID="PasswordRequired" runat="server" ControlToValidate="Password" ErrorMessage="* required" ToolTip="Password is required."></asp:RequiredFieldValidator>
                    </div>
                    <div class="ctrlHolder">
                        <asp:CheckBox ID="RememberMe" runat="server" Text="Remember me next time." />
                    </div>
                    <asp:Literal ID="FailureText" runat="server" EnableViewState="False" Visible="false"></asp:Literal>
                    <div class="buttonHolder">
                        <asp:Button ID="btnUpdateProfile" runat="server" CommandName="Login" Text="Log in" CssClass="primaryAction secondaryAction" />
                    </div>
                    <p><asp:HyperLink ID="hplPasswordRecovery" runat="server" Text="Forgotten password" /></p>
                </fieldset>
            </div>
        </LayoutTemplate>
    </asp:Login>

    And then I have made this control available within the ToolBox, so:

    using Telerik.Web;
    using App_Code.Modules.Members.MembersModule.WebControls.Public;
     
    namespace App_Code.Modules.Members.MembersModule.WebControls.Admin {
        /// <summary>
        /// Represents a toolbox item for NewsArchive control.
        /// </summary>
        public class MembersLoginToolboxItem : ToolboxItem {
     
            public MembersLoginToolboxItem()
                : base(typeof(App_Code.Modules.Members.MembersModule.WebControls.Public.MemberLogin)) {
                base.Section = "Members";
                base.DisplayName = "Members Login";
                base.Description = "Control that displays case studies within a tabbed format.";
            }
     
        }
    }

    And from the your module you will need to invoke the toolboxitem:

    public override IList<IToolboxItem> Controls
            {
                get
                {
                    return new List<IToolboxItem> { new Members.MembersModule.WebControls.Admin.MembersLoginToolboxItem() };
                }
            }

    Hope this helps.
    higgsy
  13. Mart
    Mart avatar
    66 posts
    Registered:
    10 Aug 2006
    03 Dec 2010
    Link to this post
    Hello Higgsy,

    Thanks for sharing the code with us.
    I try to make a site in which yoy can create pages with custom content per user
    Maybe you have any suggestions on how to do this? 

    Thanks again,

    Mart

     p.s. If you have a ready made module / solution I will pay a donation to you for it

  14. Ivan Dimitrov
    Ivan Dimitrov avatar
    16072 posts
    Registered:
    25 Nov 2016
    03 Dec 2010
    Link to this post
    Hello Mart,

    You can try something similar to Roles Selector and hiding control based on user's roles

    Kind regards,
    Ivan Dimitrov
    the Telerik team
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
  15. Mart
    Mart avatar
    66 posts
    Registered:
    10 Aug 2006
    03 Dec 2010
    Link to this post
    Hello Ivan,

    Thanks for your response.
    I have seen this direction but the text in the control / page  needs to be specific for each user.
    so I need extra datafields and maybe an extra table in the database which i have to make acces to.
    As dataacces in sitefinity is realy difficult (not just make a connection to database, create a datareader etc.) I need some help here

    I you can help me please help

    Yours,

    Mart 
  16. higgsy
    higgsy avatar
    336 posts
    Registered:
    05 Aug 2010
    03 Dec 2010
    Link to this post
    Matt,

    Do you mean you want users to be able to login to the CMS, or are you saying that when people are logged in to the public side of the website you want them to see custom content depending on who they are? There's a huge difference between the two options.

    higgsy
  17. Mart
    Mart avatar
    66 posts
    Registered:
    10 Aug 2006
    03 Dec 2010
    Link to this post
    Hello Higgsy,

    I want people who logged in to have specific information displayed based on their useraccount on certain pages.
    which eventially they can change themselves. I do not want to use metafields but records from sql-database
    So when person A is logged in het sees a page with text:   "blah blah"
    And when person B is logged in she sees a page with text "thank you very much "

    Hope you can help me,

    Mart 
  18. higgsy
    higgsy avatar
    336 posts
    Registered:
    05 Aug 2010
    03 Dec 2010
    Link to this post
    Matt,

    Ok, so by logged in do you mean you are adding a login control to the website, or do you mean logged in to sitefinity?

    If you mean the first option i.e. the user is logging in to a page on your website (not sitefinity), then the solution is quite simple.

    The content in the custom tables in your database needs to have a column that records userID. The user control on the front end website then needs to look at:

    Membership.GetUser().ProviderUserKey - which is the UserID field, and then run a Linq query to match the content in the database based on the UserID field. Make sense?

    higgsy
  19. Mart
    Mart avatar
    66 posts
    Registered:
    10 Aug 2006
    03 Dec 2010
    Link to this post
    Higgsy,

    I use sitefinity as a framework. The pages are created in sitefinity. I use the logincontrol of sitefinity but there is no need for the users to login on the backend I suppose unless they want to change the records isn't it?

    Mart 
Register for webinar
19 posts, 0 answered