I’m having an issue with live page permissions in Sitefinity. Here’s what I’ve done so far with help from page 180 of User_Manual_3_1.pdf:
1) Integrate our custom membership and role providers into Sitefinity.
2) Created a “members_only” page that only certain roles (say “members_only”) can view (break inheritance, etc) in the live site.
3) Set Anonymous Access to Deny.
For Anonymous users this works fine as the “members_only” page doesn’t appear in the menu, they can’t access the pages and are prompted to login. This also works for users with the assigned role, as they’re able to see the menu item and browse the “members_only” pages if they’re authenticated.
What doesn’t work
This doesn’t work for authenticated users who don’t have the “members_only” role. These users are unable to view the “members_only” link in the left hand menu, which is as expected. However, I’m still able to navigate to these pages directly by typing the path in the address bar (ex. http:www.mysite.com/cms/members_only/), even though I’ve denied their role access.
This doesn’t appear to be a cache issue and I’ve tried opening new browser windows, clearing the cache and using different work stations. I’ve also tested this on the sample Jobsite to confirm it’s not my providers and get the same result. In the end, any authenticated user can view the “members_only” content on the live site if they know the path. Please let me know if you have any suggestions.
BTW. So far I’ve found Sitefinity super easy to use and integrate with my existing .NET. Great product!!