+1-888-365-2779
Try Now
More in this section

Forums / General Discussions / Deny Anonymous access for Page Groups

Deny Anonymous access for Page Groups

20 posts, 0 answered
  1. Jacques
    Jacques avatar
    427 posts
    Registered:
    28 Jun 2007
    11 Sep 2008
    Link to this post
    Whilst it's possible to restrict access to 'pages' setting the anonymous access to 'deny', it doesn't seem to be possible to do this for page groups.
    So if you had a sub-section of a site that is dedicated to authenticated users you would only want the page group to show up for users already logged in.

    In my tests I had a basic sitemap with the All Pages page group followed by the home page and then the next page group called 'authenticated users'. This page group had its own default page. Setting the anonymous access to denied for the 'authenticated users'/default page hides the default page, but the page group still shows.

    Is there a way to set page groups to not show if either no pages are visible within the group, or even better to set the entire group as anonymous = deny?

    Thanks
    Jacques
  2. Gabe Sumner
    Gabe Sumner avatar
    440 posts
    Registered:
    09 Sep 2007
    11 Sep 2008
    Link to this post
    Hi J.Hov,

    I think you can apply "anonymous access" permissions to Page Groups.  As a test, I setup the following Site Map:

    [All Pages]
        -- Group 1
            ---- Page 1
            ---- Page 2
        -- Group 2
            ---- Page 3
            ---- Page 4

    I set "Anonymous Access" to "No" for Group 2.  Once done Group 2 disappeared from my navigation when accessing the page anonymously.

    If I'm reading your email correctly, this sounds like what you're trying to accomplish.  However, I might not be understanding.  :)

    Gabe Sumner
  3. Jacques
    Jacques avatar
    427 posts
    Registered:
    28 Jun 2007
    12 Sep 2008
    Link to this post
    Hi Gabe,

    Your 'Group 2', that is a Page Group right?

    I've just double checked now, under Properties of the Page Group there is no anonymous setting.

    Am I missing something?

    Thanks
    J.Hov
  4. Ivan Dimitrov
    Ivan Dimitrov avatar
    16072 posts
    Registered:
    25 Nov 2016
    12 Sep 2008
    Link to this post
    Hello J.Hov,

    You can implement the required functionality in the navigation control which you use.

    if (!this.Page.User.Identity.IsAuthenticated) 
    //hide the corresponding group page. 
     

    Also, you should set "deny" for Anonymous access property for all subpages.

    Do let us know if you need any further assistance.

    Best wishes,
    Ivan Dimitrov
    the Telerik team

    Check out Telerik Trainer, the state of the art learning tool for Telerik products.
  5. Jacques
    Jacques avatar
    427 posts
    Registered:
    28 Jun 2007
    15 Sep 2008
    Link to this post
    Hi Ivan,

    Wouldn't it be of great use to be able to hide page groups as well, using the 'allow anonymous = deny' option? I can't believe that i'm the only person who'd want to use this feature?

    Regards,
    Jacques
  6. Ivan
    Ivan avatar
    478 posts
    Registered:
    16 Jun 2015
    15 Sep 2008
    Link to this post
    Hello J.Hov,

    we will discuss this request with our UX team, however, it may seem redundant to add this property since the only reason to have a Page Group is so that you can show it in the navigation as a shortcut to some other page.
     
    Anyhow, thank you for rasing this issue. It is quite possible that we've got it wrong - so we are going to rethink it once again. Let us know if there is anything else we can do for you.

    Kind regards,
    Ivan
    the Telerik team

    Check out Telerik Trainer, the state of the art learning tool for Telerik products.
  7. Jacques
    Jacques avatar
    427 posts
    Registered:
    28 Jun 2007
    15 Sep 2008
    Link to this post
    Hi Ivan,

    I think I may be misunderstanding something because it seems appropriate to have the page group dissappear if an anonymous user accesses the site. Just like one would not want a specific page visible to that user you might not want them to know that the page group/navigation exists unless they're logged in.

    If for example you had a sub-section in your site called My Details which shows up as a top level menu (page group) and has one page which it directs to a page called UserDetails.aspx. If you then set the UserDetails.aspx page to hide when the user is not signed in it does in fact dissappear, but you're left with the My Details page group hanging around. When you then click on that group it actually gives you an error.

    So essentially I would expect one of two behaviours. 1) If all pages belonging to a page group are hidden due to the anonymous setting, then the owning page group should also be hidden. 2) Allow the user to set the page group up to hide when the user is not signed in, which seems the more sensible route. (Even though some pages belonging to this page group might not be set to hide for anonymous users)

    Regards,
    Jacques
  8. Gabe Sumner
    Gabe Sumner avatar
    440 posts
    Registered:
    09 Sep 2007
    15 Sep 2008
    Link to this post

    Hi Jacques,

    I wanted to apologize, one of the groups I had labeled in my test, was indeed mistakenly a "page".  So my test above was completely bogus.  :(

    You are correct that "anonymous access" permissions cannot currently be applied to "page groups".  I also agree this seems like a sensible feature.  I'll inquire about this.

    In the meantime, here is a possible workaround:

    1. Convert your page groups to regular pages.  (This will give you access to the "anonymous access" permission.)

    2.  Deny anonymous access to these pages.

    3.  Now create a custom User Control that you can drag & drop onto the pages you wish to behave like a group.  This UserControl will simply redirect to the page's first child page.  (In other words, this page will behave the same as a Sitefinity group.)

    Here is how you can create this UserControl:

    Create ~/UserControls/RedirectChild.ascx

    <%@ Control Language="C#" AutoEventWireup="true" CodeFile="ChildRedirect.ascx.cs" Inherits="UserControls_ChildRedirect" %> 
    Redirecting...  
     
     
     
     
     

     

    Create ~/UserControls/RedirectChild.ascx.cs

    using System;  
    using System.Web;  
    using System.Web.UI;  
    using System.Web.UI.HtmlControls;  
    using System.Web.UI.WebControls;  
     
    using Telerik.Cms;  
    using Telerik.Cms.Web;  
    using Telerik.Cms.Web.UI;  
     
    public partial class UserControls_ChildRedirect : System.Web.UI.UserControl  
    {  
        protected void Page_Load(object sender, EventArgs e)  
        {  
            CmsSiteMapProvider Map = (CmsSiteMapProvider)SiteMap.Provider;  
     
            if (Map.CurrentNode.HasChildNodes == true && Request.QueryString["cmspagemode"] != "preview" && Request.QueryString["cmspagemode"] != "edit")  
            {  
                Response.Redirect(Map.CurrentNode.ChildNodes[0].Url);  
            }  
        }  
    }  
     
     
     


    Now just include the control mapping in the <toolboxControls> section in your web.config file:

    <add name="Child Redirect" section="Navigation" url="~/UserControls/ChildRedirect.ascx" />

    Just drag & drop this "Child Redirect" control onto any Sitefinity page that you wish to behave like a Sitefinity group.  This should give you access to the "anonymous access" permission while still maintaining the functionality of the Sitefinity groups.

    Please let me know your honest thoughts on this solution!

    Gabe Sumner
  9. Jacques
    Jacques avatar
    427 posts
    Registered:
    28 Jun 2007
    16 Sep 2008
    Link to this post

    Hi Gabe,

    Yeah that sounds like a good temporary solution to me. Thanks for the input.

    I do hope you guys will consider the feature for future releases.

    Cheers

    J.Hov

  10. Brook
    Brook avatar
    39 posts
    Registered:
    21 Mar 2007
    22 Jan 2009
    Link to this post
    I just came across this issue and need this evening.  I spent hours trying to figure out what I was doing wrong.  I agree with Jacques, Group Pages should have the option to Deny Anonymous Access to support the need for group pages accessible by logged in clients.  Glad I found this thread and thanks to Gabe for the work around, appreciate it!

    Brook
  11. Georgi
    Georgi avatar
    3583 posts
    Registered:
    28 Oct 2016
    22 Jan 2009
    Link to this post
    Hello,

    This feature will not be implemented in 3.6, but we have it mind.

    Regards,
    Georgi
    the Telerik team

    Check out Telerik Trainer, the state of the art learning tool for Telerik products.
  12. S. Webb
    S. Webb avatar
    36 posts
    Registered:
    28 Dec 2006
    22 Jan 2009
    Link to this post
    There is a possible easier solution to this, you could create a page and set the anonymous access to deny, save and publish the page, then change the page type to a page group. This should deny anonymous access to this page group as well.

    If you needed to remove the anonymous access just set the page type back to a page, set anonymous access to allow, save the page and then change the page type to a group.
  13. Gabe Sumner
    Gabe Sumner avatar
    440 posts
    Registered:
    09 Sep 2007
    22 Jan 2009
    Link to this post
    That's a very interesting suggestion.

    I was unable to get this technique to work for me though.  When I changed the Page Type to Page Group the permissions were no longer applied to the group.  I'm using Sitefinity 3.5.

    Can anyone else confirm or deny that this works?

    Thanks for contributing S. Webb!

    Gabe Sumner
    http://www.sitefinitywatch.com/
  14. S. Webb
    S. Webb avatar
    36 posts
    Registered:
    28 Dec 2006
    22 Jan 2009
    Link to this post
    I was on 3.2, my mistake.

    Steve
  15. S. Webb
    S. Webb avatar
    36 posts
    Registered:
    28 Dec 2006
    22 Jan 2009
    Link to this post
    I was on 3.2, my mistake.

    Steve
  16. Brook
    Brook avatar
    39 posts
    Registered:
    21 Mar 2007
    22 Jan 2009
    Link to this post
    I am using 3.5 sp1 and that technique definitely does not work.  Gabe's solution works like a charm however and is easy to implement.  I would like to ask again that having the ability to deny or allow Anonymous access to a group page is a definite value for anyone running a site that needs to have pages/groups hidden from the public.  Again, thanks to Gabe for the easy and hopefully short term work around! 
  17. Jacques
    Jacques avatar
    427 posts
    Registered:
    28 Jun 2007
    23 Jan 2009
    Link to this post
    Hey Telerik team,

    I haven't viewed this thread for a while now and was surprised to see that the feature still has not made it into any of the new releases.

    Would you consider setting up a survey to ask your customer base whether or not they think it's important? I mean for all we know, there may be hundreds of people out there having come up with temporary fixes to solve this problem.

    I mention this because I'm still of the firm belief that this is a vital part of any content management system navigation.

    Kind regards,
    Jacques
  18. Brook
    Brook avatar
    39 posts
    Registered:
    21 Mar 2007
    23 Jan 2009
    Link to this post
    I am not sure why a Poll for this issue would even be required.  For a CMS system, this feature seems like a no brainer.  Why would you ever have a page/page group that you could not restrict from public view. 

    Other CMS systems have the ability to easily allow you to control access to items on a page.  Hate to see the Sitefinity team wasting time asking people for their opinions about a feature that should be there aleady.  Just my opinion.

  19. Jacques
    Jacques avatar
    427 posts
    Registered:
    28 Jun 2007
    23 Jan 2009
    Link to this post
    Hey there Brook,

    Fair enough, you're actually saying what I think, but I was trying my hand at a diplomatic approach. :o)

    I stand by my point, it seems an obvious feature to have.

    Telerik team... can you give us an explanation as to why you would not consider this a valuable part of the system?

    Kinds Regards,
    Jacques
  20. Georgi
    Georgi avatar
    3583 posts
    Registered:
    28 Oct 2016
    26 Jan 2009
    Link to this post
    Hi,

    The reason is that there are some other things that needs to be changed in order this to be available. For example, when you switch the page type, the page options disappear, so we will have to put in on neutral place.
    There is one more reason, and it is the more important - we preferred to make optimizations and new implementations regarding the performance and the ease of use up to now. It is not because we do not listen to what is your opinion. We keep it in mind, and implement it when the right time comes.

    One more thing -  I wonder why you do not use the Normal page type, instead of Group Page? If you set "Deny Anonymous" to Yes, all child pages will inherit this (unless you break the inheritance). If you request a page under normal page with anonymous access disabled, the system will ask you for your login credentials. If you want to redirect the request to the first child page, you can always build a user control that does this for you.

    As a bottom line, I also think that this is important feature. We haven't said "No" to it :)

    Sincerely yours,
    Georgi
    the Telerik team

    Check out Telerik Trainer, the state of the art learning tool for Telerik products.
Register for webinar
20 posts, 0 answered