+1-888-365-2779
Try Now
More in this section

Forums / General Discussions / Redirect to login page for password protected site?

Redirect to login page for password protected site?

11 posts, 0 answered
  1. Basem
    Basem avatar
    131 posts
    Registered:
    22 Dec 2010
    20 Jun 2011
    Link to this post
    For pages under "Permissions for all pages", I have set "View pages" to "Administrators only" (screenshots page_sec.png and page_perm.png). I am using the latest 4.1 SP2 that was released today.

    When I hit the site as an anonymous user, I get the default "Thank you for visiting..." display. Furthermore, when I hit a page directly, I get the error "This type of page is not served." (screenshots anon_site.png and anon_page.png).

    How do I redirect the anonymous user to a login page instead?
  2. Boyan Barnev
    Boyan Barnev avatar
    1429 posts
    Registered:
    02 Dec 2016
    20 Jun 2011
    Link to this post
    Hi Basem,

    When you type your site's domain the system looks up the homepage and in your case it's not returned (because permissions omit it from the query), so it assumes there is no homepage - that's why the default "Under construction" message appears on the screen. However, when the user tries to get the page explicitly, the permissions are checked and error code 403 Forbidden is thrown. This behavior is by design - you can easily handle the error in the customErrors element in you web.config to automatically redirect you to the login screen when a user who lacks the proper permissions is trying to access a certain page. Please refer to the sample below:
    <customErrors mode="On">
      <error statusCode="403" redirect="~/Sitefinity/Login" />
    </customErrors>
     or in the Global.asax codebehind like this:
    Note this is not working in Sitefnity 5!
    protected void Application_Error(object sender, EventArgs e)
           {
               var currentPage = HttpContext.Current.Request.Url.ToString(); //.Split('/').Last();
               Exception ex = Server.GetLastError();
               if (ex is HttpException)
               {
                   HttpException httpEx = ex as HttpException;
                   if (httpEx.Message == "You are not authorized to access this page")
                   {
                       Response.Redirect("~/Test?returnurl=" + currentPage);
                       Server.ClearError();
                   }
               }
           }
    I hope this information helps, if you need any further information, please let us know.

    Regards,
    Boyan Barnev
    the Telerik team
    Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
  3. Basem
    Basem avatar
    131 posts
    Registered:
    22 Dec 2010
    20 Jun 2011
    Link to this post
    Thanks Boyan, but how do I correct the home page problem? For a password protected site, I would like unauthenticated users to be redirected to the login page, but authenticated users to be redirected to the home page when visitors hit "http://mysite.com".
  4. Basem
    Basem avatar
    131 posts
    Registered:
    22 Dec 2010
    20 Jun 2011
    Link to this post
    There is also a major issue when hitting a password protected page and being redirected to the login (based on <customError.. config). After the user logs in, they are not redirect to the page they initially requested. So the login page just refreshes as the logged in user which doesn't make sense.
  5. Boyan Barnev
    Boyan Barnev avatar
    1429 posts
    Registered:
    02 Dec 2016
    21 Jun 2011
    Link to this post
    Hi Basem,

    I fully agree with you, that's exactly what you can achieve if you use the second code sample I have provided (please note that I'm passing the current page that redirected the user to the login page as a parameter to ?retururl which will cause the login widget to redirect you to the initial page once successfully authenticated). As per the homepage, yes you are right indeed this might be causing some inconvenience, however it's the domain redirect that's not working properly, not the homepage itself, because if you access it directly it will return 403 as desired. Please take a look at the sample user control I'm attaching to this reply, you can  customize it according to your purposes and place it on any page, it's main functionality is to redirect unauthenticated users to a specified page.

    Best wishes,
    Boyan Barnev
    the Telerik team
    Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
  6. Guillermo Londono
    Guillermo Londono avatar
    4 posts
    Registered:
    24 Aug 2006
    30 Jan 2012
    Link to this post
    If you have your page with view permission set to authenticated users, you are going to have the 403 error before the control Load method is invoke. Is this control intended to work with a page with view permission for everyone?.

    I tried to set the application_error in the global.asax to handle this situation but when my site is on SSL I'm getting "To many redirects" kind of errors. 

    Any ideas?
  7. Chanan Zass
    Chanan Zass avatar
    123 posts
    Registered:
    21 Aug 2012
    02 Mar 2012
    Link to this post
    I found out this type of errors is common when redirecting in a multi-lingual sites.
    When you redirect to ~/ErrorPage.aspx the application will try to redirect it again to ~/en/ErrorPage.aspx (or any other language of your choice).
    We simply set
    <customErrors defaultRedirect="~/en/ErrorPage.aspx" mode="On">
    to overcome the problem.
  8. Ian
    Ian avatar
    7 posts
    Registered:
    25 Jun 2012
    19 Jun 2012
    Link to this post
    Hi

    Where the code stats a ReturnUrl do i need to code for that paramater myself or will the login widget on the custom login page pick this up and redirect?

    Its just that I cant see a property of this name in the login widget that suggest it picks it up.

    At present I have implemented the example on my page however once I have logged in it stays on the same login page I created.

    I need to write it like this as opposed to hardcoding the path as users view the data anonymously but then when they want further information they must log in and the guid of that record is passed, like so http://localhost:xxx/Login?ReturnUrl=http://localhost:xxx/more-information?id=d545a699-9999-9999-94fe-07f727ea91ec.

    If I do have to code the for the ReturnUrl parameter myself where would I do that given I would have to create some code behind in a Sitefinity page?

    Many thanks
  9. Chanan Zass
    Chanan Zass avatar
    123 posts
    Registered:
    21 Aug 2012
    26 Jun 2012
    Link to this post
    Have you looked into "DestinationPageUrl" under Behavior?
    Other than that, the widget (and LoginControl for backward compatiblity) should redirect by default to the reffering URL.

  10. Ian
    Ian avatar
    7 posts
    Registered:
    25 Jun 2012
    28 Jun 2012
    Link to this post
    Hi Chanan

    Thanks for your reply. Given that the destination url is going to be different everytime because of the GUID paramter how I would I set the DestinationPageUrl?

    An idea could be to create a Web User Control, inherited from the Login Control and on the Load event of  the control check the Page QueryString and set the DestinationPageUrl at runtime?

    I will also check the LoginControl for backward compatibility to see if this acts differently.

    Cheers
  11. Chanan Zass
    Chanan Zass avatar
    123 posts
    Registered:
    21 Aug 2012
    28 Jun 2012
    Link to this post
    Well, we use a login control, Sitefinity 5.0.2080, setting the DestinationPageUrl to the site's home page. This parameter comes into play only when no referral url exists (user calls the Login page directly, rather than being redirected to it from a protected page). If a user is being redirected to the Login page from a protected page, then he/she will be returned to that page after having completed log-in, regardless of what the value of the DestinationPageUrl parameter is.
    This is the way it works on our site.

11 posts, 0 answered