Live Page Permissions

8 posts, 0 answered
  1. Jason M
    108 posts
    Registered: 15 Jan 2007
    Posted: 22 Nov 2007

    I’m having an issue with live page permissions in Sitefinity. Here’s what I’ve done so far with help from page 180 of User_Manual_3_1.pdf:

    1) Integrate our custom membership and role providers into Sitefinity.
    2) Created a “members_only” page that only certain roles (say “members_only”) can view (break inheritance, etc) in the live site.
    3) Set Anonymous Access to Deny.

    What works
    For Anonymous users this works fine as the “members_only” page doesn’t appear in the menu, they can’t access the pages and are prompted to login. This also works for users with the assigned role, as they’re able to see the menu item and browse the “members_only” pages if they’re authenticated.

    What doesn’t work
    This doesn’t work for authenticated users who don’t have the “members_only” role. These users are unable to view the “members_only” link in the left hand menu, which is as expected. However, I’m still able to navigate to these pages directly by typing the path in the address bar (ex. http:www.mysite.com/cms/members_only/), even though I’ve denied their role access.

    This doesn’t appear to be a cache issue and I’ve tried opening new browser windows, clearing the cache and using different work stations. I’ve also tested this on the sample Jobsite to confirm it’s not my providers and get the same result. In the end, any authenticated user can view the “members_only” content on the live site if they know the path. Please let me know if you have any suggestions.

    BTW. So far I’ve found Sitefinity super easy to use and integrate with my existing .NET.  Great product!!

    J

  2. Yasen
    121 posts
    Registered: 18 May 2013
    Posted: 26 Nov 2007

    Hi moodie,

    This is strange behavior. What should happen is: not authorized users don't see pages in navigation, and if they browse to the restricted pages, a 403 HTTP exception is thrown. Just to make sure, here are the exact steps you should take to create a restricted page:

    • Create a role, let's say "special users";
    • Create a user, i.e. "Yasen" and add him only to the special users role;
    • Create a page, and set "anonymous access" to "deny";
    • Make sure that Yasen does not have "view" permissions (permissions are accumulated for both "everyone" and "special users" roles);

    If you log in as "Yasen" you should first get a 403 error entering the admin part, then if you browse to the restricted page you should again get a 403 error. If this is not what is happening, could you please send a sample project where this issue is present and we will investigate it.

    Thank you in advance for your cooperation.

    Greetings,
    Yasen
    the Telerik team

    Instantly find answers to your questions at the new Telerik Support Center
  3. Jason M
    108 posts
    Registered: 15 Jan 2007
    Posted: 26 Nov 2007

    Hello Yasen,

    I followed your instructions with my project and the "Jobs IntraSite" example included in the download for Sitefinity 3.0 (version 3.00.0000), but don't get the 403 exception. I'm still able to browse to these pages when deny is set and the user doesn't have view (or any other) permissions.

    I'll try downloading the latest version (3.1) to see if I get the same results.

    J
  4. Yasen
    121 posts
    Registered: 18 May 2013
    Posted: 26 Nov 2007

    Hi moodie,

    Sorry for the misunderstanding - I thought you were using version 3.1. Indeed, in Sitefinity 3.0, this problem exists. You should experience the described behavior (in my previous post) using Sitefinity 3.1 or later. Please let us know if you need further assistance.

    Kind regards,
    Yasen
    the Telerik team

  5. Jason M
    108 posts
    Registered: 15 Jan 2007
    Posted: 26 Nov 2007

    Thanks! Sorry, I should have specified that I was using 3.0. I tested this with the latest version and it works perfectly.

    J
  6. Will
    1 posts
    Registered: 03 Aug 2007
    Posted: 11 Dec 2007

    Hi there,

    I am having the same problem as moodie here. I don't have 3.1 and don't wish to upgrade. Is there a workaround or fix for this specific bug in Sitefinity 3.0 (I think it's SP2)?

    thanks

    Will
  7. Jason M
    108 posts
    Registered: 15 Jan 2007
    Posted: 11 Dec 2007

    Hello Will,

    I tried a bunch of things, but in the end the upgrade to 3.1 is quite easy and solved my problem. The new version also has some good new features. Check out the release post:
  8. Yasen
    121 posts
    Registered: 18 May 2013
    Posted: 14 Dec 2007

    Hi Will,

    It is possible to fix this in Sitefinity 3.0, you just need to do the checks manually. In 3.0, authenticated users might be able to view restricted pages, so you could add some code that executes on post authenticate request (in global.asax or custom http handler) and checks if the page is restricted and if the user has permissions to view it.

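    Here is some sample code that you could use:

    // Runs on PostAuthenticateRequest (global.asax or a custom HTTP handler).
    // The current principal; the original snippet used "user" without defining it.
    System.Security.Principal.IPrincipal user = System.Web.HttpContext.Current.User;

    ICmsUrlContext urlContext = CmsUrlContext.Current;
    if (urlContext == null)
        return; // the request is not for a CMS page

    // Only pages with "anonymous access" set to "deny" need the manual check.
    if (urlContext.DenyAnonymous)
    {
        if (user != null && user.Identity.IsAuthenticated)
        {
            CmsManager manager = new CmsManager();
            ICmsPage cmsPage = manager.GetPage(urlContext.PageID) as ICmsPage;

            // Check the "view" right on this page for the current user.
            Telerik.Cms.Security.PagePermission perm = new Telerik.Cms.Security.PagePermission(cmsPage, Telerik.Cms.Security.PageRights.View);
            if (!perm.CheckDemand())
            {
                // user does not have permissions, you can redirect them to login or error page
            }
        }
        else
        {
            // user is not authenticated
        }
    }
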

    If you have any other questions, we'll be glad to help.

    Greetings,
    Yasen
    the Telerik team
