More in this section
Forums / Bugs & Issues / External page accesible in protected folder

External page accesible in protected folder

The forums are in read-only mode. In case that you want to directly contact the Progress Sitefinity team use the support center. In our Google Plus group you can find more than one thousand Sitefinity developers discussing different topics. For the Stack Overflow threads don’t forget to use the “Sitefinity” tag.
2 posts, 1 answered
  1. Cristian Apavaloaiei
    Cristian Apavaloaiei avatar
    20 posts
    29 Aug 2008
    29 Jul 2010
    Link to this post
    I have a section named 'account', which is set to deny anonymous access. This works fine for all pages under this folder. I've added an external page that emulated the same folder structure ( ~/account/licenses/order.aspx) and added it to the sitefinity folder ~/account/licenses from the control panel. The security settings are disabled for this external page from within sitefinity, but the radio button 'deny' is checked under allow anonymous access.
    The problem is that i can still access this page even when i'm not logged in. Is there a way that the external page can inherit sitefinity's security settings? Or do i have to add a web.config file under that folder and specify the security settings myself.

    Later edit: I've now noticed that the path of the file is not correct, although both its physical location and the virtual location inside sitefinity are ~/account/licenses/order.aspx, and the file is accessed from the same link, the menu to the left of the page shows the structure as seen from the root of the page.

  2. Ivan Dimitrov
    Ivan Dimitrov avatar
    16072 posts
    12 Sep 2017
    29 Jul 2010
    Link to this post
    Hello Cristian Apavaloaiei,

    The permissions that are set through Sitefinity are valid only in the context of the CMS and its navigation controls. If someone knows that path to your external page they will be able to access it without problems. For such cases you need to create a physical folder where you store all external pages and then secure this folder from IIS or using custom HttpModule or HttpHandler.

    I have provided several samples about this implementation

    Ivan Dimitrov
    the Telerik team
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
2 posts, 1 answered