1-888-365-2779
+1-888-365-2779
Try Now
More in this section

Forums / General Discussions / Telerik approved strategy for implementing a secure site

Telerik approved strategy for implementing a secure site

2 posts, 0 answered
  1. Andrew Hyslop
    Andrew Hyslop avatar
    21 posts
    Registered:
    23 Jun 2010
    20 Apr 2011
    Link to this post
    Hey,

    I have scoured the forums and most of the documentation and cannot find a definitive answer or "best practice" for implementing a secure login based site.

    First, I started with making a "Login" page (everyone has permissions to see it), a Page Group called "Members" (allowing authenticated users only), and a nested "Home" page inheriting permissions from its parent "Members" page group. 

    I added the following to the <authentication /> element in the web.config:
    <forms loginUrl="~/login" timeout="20" requireSSL="false" defaultUrl="~/Members/" />
    

    When I attempt to access the path "/Members/Home" I get the following error:

    You are not authorized to 'View a page' ('Pages').


    This is definitely not the functionality I was expecting.  I was expecting a redirect to the /Login page.  So I looked for an answer in the forums and came across the following solution:http://www.sitefinity.com/devnet/forums/sitefinity-4-x/general-discussions/sitefinity-4-0-forms-authentication.aspx.  This is far from ideal when building a website as errors need to be seen.

    My root question is, what is the Telerik recommended way to accomplish basic user authentication in SF 4.1?
  2. Ivan Dimitrov
    Ivan Dimitrov avatar
    16072 posts
    Registered:
    16 Jun 2017
    25 Apr 2011
    Link to this post
    Hi Andrew,

    The <forms> setting never works - you always get redirected to ~/Login, regardless to what is the specified loginUrl. There is a config section  Sitefinity >> Administration >> Settings >> Advanced >> Security >> Permissions >> Backend you can change the url in LoginUrl and AjaxLoginUrl boxes.  That should allow you to change the backend login. This feature (of handling the aspxerrorpath in the error pages) is not implemented at this time. We logged a task  pending to be implemented on Q2.

    Regards,
    Ivan Dimitrov
    the Telerik team

2 posts, 0 answered