1-888-365-2779
+1-888-365-2779
Try Now
More in this section

Forums / General Discussions / Force user to log in to view protected pages

Force user to log in to view protected pages

10 posts, 0 answered
  1. SteveV
    SteveV avatar
    178 posts
    Registered:
    06 Nov 2011
    03 Jan 2012
    Link to this post
    I have a number of protected pages the need to hide form the user unless they're logged in.  I
    tried breaking page permission inheritance and setting the "Advanced>Explicitly deny this to selected roles and users:" option to "Anonymous".

    I would have expected this to redirect to the login page but I'm getting the following instead:

    Server Error in '/NLGSitefinityWebApp' Application.

    This type of page is not served.

    Description: The type of page you have requested is not served because it has been explicitly forbidden. Please review the URL below and make sure that it is spelled correctly.

    Requested URL: /NLGSitefinityWebApp/user/digital-content


    Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.0.30319.237 


               

    I'm running SF 4.4.  What's the recommended practice for redirecting users to a login page?

    Thanks -- Steve
  2. Svetoslav Petsov
    Svetoslav Petsov avatar
    456 posts
    Registered:
    24 Sep 2012
    04 Jan 2012
    Link to this post
    Hello,

     When you deny access to anonymous users, they get a 403 Forbidden HTTP error. So, what you can do here is add CustomErrors in your web.config and redirect to login page when a user gets a 403 error:

    <customErrors mode="RemoteOnly" defaultRedirect="GenericErrorPage.htm">
                <error statusCode="403" redirect="NoAccess.htm" />
            </customErrors>
    (this is the sample from web.config, you will only have to change the redirect link to point to your login page)

    All the best,
    Svetoslav Petsov
    the Telerik team
    Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
  3. SteveV
    SteveV avatar
    178 posts
    Registered:
    06 Nov 2011
    04 Jan 2012
    Link to this post
    Hi Svetoslav,

    Will this work if the login page is dynamically generated by SF?  On my development box, my login page is located at:

    http://localhost/NLGSitefinityWebApp/user/login

    I have edited my web.config file like so:

    <customErrors mode="RemoteOnly" defaultRedirect="GenericErrorPage.htm">
        <!--<error statusCode="403" redirect="NoAccess.htm" />-->
        <error statusCode="403" redirect="~/user/login" />
        <error statusCode="404" redirect="FileNotFound.htm" />
    </customErrors>

    but I'm still getting the same error.

    --Steve
  4. SteveV
    SteveV avatar
    178 posts
    Registered:
    06 Nov 2011
    04 Jan 2012
    Link to this post
    I decided to take a different approach to quickly get around this issue.  I created a simple Widget with the following code behind:

    using System;
    using System.Web.Security;
     
    namespace SitefinityWebApp.CustomControls
    {
        public partial class ForceLoginControl : System.Web.UI.UserControl
        {
            private string _RedirectURL = "~/user/login";
     
            public string RedirectURL
            {
                get { return _RedirectURL; }
                set { _RedirectURL = value; }
            }
     
            protected void Page_Load(object sender, EventArgs e)
            {
            }
     
            protected override void OnInit(EventArgs e)
            {
                base.OnInit(e);
             
                MembershipUser user = Membership.GetUser(false);
     
                if (user == null)
                    Response.Redirect(_RedirectURL);
            }
        }
    }

    I can drop this on any page I want to restrict anon access to and force redirect to the login page.

    --Steve
  5. Svetoslav Petsov
    Svetoslav Petsov avatar
    456 posts
    Registered:
    24 Sep 2012
    04 Jan 2012
    Link to this post
    Hi,

     The path to the page should be relative - if you are using the default login, it should be referenced like that:
    "~/Sitefinity/Login" (so yours seems correct). Also, you can remove the default redirect link and the 404 redirect - they are just as an example there, not needed in your case.
    Finally, don't forget to restart the server, so that the change can apply. 
    What you did can also be done, but you will have to repeat it for every page that you want to restrict. Handling the 403 error will redirect every time a user is denied.

    Greetings,
    Svetoslav Petsov
    the Telerik team
    Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
  6. SteveV
    SteveV avatar
    178 posts
    Registered:
    06 Nov 2011
    04 Jan 2012
    Link to this post
    Hi Svetoslav,

    I did try manually restarting the server from IIS before posting but it had no effect on the error--not sure what the issue is.  I'll dig into this further when I have some time.  For now, I think I'll go with my custom control.  I don't have a lage number of pages to protect so this will get me up and running quickly.

    Thanks -- Steve
  7. Svetoslav Petsov
    Svetoslav Petsov avatar
    456 posts
    Registered:
    24 Sep 2012
    04 Jan 2012
    Link to this post
    Hi,

     I'm glad that you found a way to get it working. Please let me know if you have any other difficulties or problems with this.

    All the best,
    Svetoslav Petsov
    the Telerik team
    Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
  8. Luke
    Luke avatar
    12 posts
    Registered:
    13 Dec 2007
    05 Jan 2012
    Link to this post

    I use the following in the Global.asax to redirect to a login page as it allows for the use of the login control's redirect after login functionality.

    protected void Application_Error(object sender, EventArgs e)
    {
        Exception ex = Server.GetLastError();
        if (ex is HttpException)
        {
            HttpException httpEx = ex as HttpException;
            string currentPage = HttpContext.Current.Request.Url.PathAndQuery;
            string loginPath = "~/login?ReturnUrl=";
            // check for access denied and prevent possible redirect loop
            if (httpEx.GetHttpCode() == 403
                && !currentPage.StartsWith(loginPath.TrimStart('~'), StringComparison.OrdinalIgnoreCase))
            {
                Response.Redirect(String.Concat(loginPath, currentPage));
                Server.ClearError();
            }
        }
    }

    Feature Request:
    To have a predefined set of frontend error pages, separated in similar fashion to the current frontend and backend groups, that would be customizable(title, theme, layout and content) and support multi-lingual translation. The page for a given error would always exist (base error page can't be deleted but translations of it may be deleted) and always be accessible anonymously. The Sitefinity route handler would catch an HttpException, matching a predefined error page, and redirect to the error page. I see this being most beneficial for 403 and 404 errors, as they could easily be styled to look like the site and have access to the content of site.

  9. Svetoslav Petsov
    Svetoslav Petsov avatar
    456 posts
    Registered:
    24 Sep 2012
    05 Jan 2012
    Link to this post
    Hello Luke,

     Thanks for sharing your code with the community and for the feature request! I logged it in our system, here's the PITS issue, that you can follow:
    http://www.telerik.com/support/pits.aspx#/public/sitefinity/9187 
    I updated your Telerik points.

    Greetings,
    Svetoslav Petsov
    the Telerik team
    Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
  10. SteveV
    SteveV avatar
    178 posts
    Registered:
    06 Nov 2011
    06 Jan 2012
    Link to this post
    Thanks Luke--very helpful.

    --Steve
10 posts, 0 answered