Forums / Developing with Sitefinity / Authorization

Authorization Cancel

The forums are in read-only mode. In case that you want to directly contact the Progress Sitefinity team use the support center. In our Google Plus group you can find more than one thousand Sitefinity developers discussing different topics. For the Stack Overflow threads don’t forget to use the “Sitefinity” tag.

19 posts, 0 answered

higgsy

336 posts
Registered:
05 Aug 2010

19 Nov 2010
Link to this post
Hi,

I'm developing a members module. These members need to be able to login to /members/ but they defeinitely must not be able to access /sitefinity/

Is it possible to simply add another forms configuration element::

<forms name="membersToken" loginUrl="~/members/login.aspx" timeout="20" protection="All" path="/" requireSSL="false" cookieless="UseCookies" />

Thanks
higgsy
Ivan Dimitrov

16072 posts
Registered:
12 Sep 2017

19 Nov 2010
Link to this post
Hello higgsy,

1. The module is located in the backend which means the users should be able to get access to /Sitefinity
2. You can implement permissions for your module and deny access to all other modules for a given role except for your "members" module
3. You can implement front end management for your module and its items.

All the best,
Ivan Dimitrov
the Telerik team

Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items

higgsy

336 posts
Registered:
05 Aug 2010

19 Nov 2010
Link to this post
Hi Ivan,

I definitely do not want users to access sitefinity. I am writing a form on the front end, and using the ContentManager I should be able to use the Content Manager, get the record which matches the logged in user and then update the record - this was the advice I was given previously in the forum. Does that make sense?

So to acheive this I want them to login to /members/ - is this not possible? It's really importan tthey do not have access to the /sitefinity directotyr.

Thanks
higgsy
Ivan Dimitrov

16072 posts
Registered:
12 Sep 2017

19 Nov 2010
Link to this post
Hello higgsy,

You can authenticate the users before they reach your form and bind the public user control depending on the role of this user.

Regards,
Ivan Dimitrov
the Telerik team

Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
higgsy

336 posts
Registered:
05 Aug 2010

19 Nov 2010
Link to this post
Hi Ivan,

Could you provide a little more information than that, in particular:

1) sitefinity already adds a Forms configuration element:

<forms name=".ASPNET" loginUrl="~/sitefinity/login.aspx" protection="All" timeout="1440" path="/"/>

Can I add an additional configuration element for:

<forms name=".Members" loginUrl="~/members/login.aspx" protection="All" timeout="1440" path="/"/>

2) The module itself has a metafield which is username. Therefore on the public user control I should be able to use the ContentManager, filter on records that have a Username metafield equal to the currently logged in user, then when the user updates the information I can set the content to stagedcontent so that it appears within the SiteFinity module as "Awaiting approval". Does that seem correct? I am basing this on a previous conversation we have had on the forum.

Thanks
higgsy
Ivan Dimitrov

16072 posts
Registered:
12 Sep 2017

22 Nov 2010
Link to this post
Hello higgsy,

1. You cannot add two forms elements in the web.config
2. You can use MetaSearchInfo filter which allows you to filter by any metakey you have created. Then get the content (or create it by using ContentManager class) and use the workflow API to send it for approval and then approve it.

Sincerely yours,
Ivan Dimitrov
the Telerik team

Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
higgsy

336 posts
Registered:
05 Aug 2010

22 Nov 2010
Link to this post
Hi Ivan,

Thanks for the response - question 1 was a silly question, apologies!

I have got the solution working by doing the following:

1) On the /members/ page I have added the SiteFinity login control

2) Each page under /members/ I have disabled anonymous access (via the sitefinity admin interface)

3) On the /members/my-profile.aspx I have used the contentmanager and workflow API - works perfectly.

I do however have a couple of final questions.

1) If a user accesses /members/my-profile.aspx without logging in first they are redirected to /sitefinity/login.aspx?ReturnURL=/members/my-profile.aspx. Is it possible to make any requests for pages under the root of /members/ to use the login control on the /members/ home page - I essentially do not want the users knowing there is a sitefinity admin interface.

2) Is it possible to allow only the "administrators" and "content_editors" roles to login via /sitefinity/login.aspx

Thanks

higgsy
Ivan Dimitrov

16072 posts
Registered:
12 Sep 2017

22 Nov 2010
Link to this post
Hi higgsy,

1. You could check whether the request is authenticated or not. If the request is not authenticated you can redirect the user to a custom login page, otherwise all requests will go to the page set to loginUrl attribute of authentication node in your web.config. If you want you can change this value, but this will affect the website globally.

2. Go to Administration >> Permissions and deny the CmsAccess for all roles that you do not want to access the backend.

All the best,
Ivan Dimitrov
the Telerik team

Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
higgsy

336 posts
Registered:
05 Aug 2010

22 Nov 2010
Link to this post
Hi Ivan,

Both perfect responses. I've created a very simple user control which can be dragged onto a page, which checks if the user is loggedin and redirects to a certain page if not.

One last question.

Can I override the code for the SiteFinity Login Control that is available from within the Toolbox? At the moment it doesnt recognise the parameter ReturnUrl, and I also want to do a check on the user trying to login to ensuire they are part of the members role.

Thanks

higgsy
Ivan Dimitrov

16072 posts
Registered:
12 Sep 2017

22 Nov 2010
Link to this post
Hi higgsy,

Yes you can override the control behavior. The control is located inside Sitefinity/UserControls/Login folder.

Kind regards,
Ivan Dimitrov
the Telerik team

Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
Mart

66 posts
Registered:
10 Aug 2006

01 Dec 2010
Link to this post
Hello Higgsy,

Is it possible to share you solution with us?

Thanks,

Mart
higgsy

336 posts
Registered:
05 Aug 2010

02 Dec 2010
Link to this post
Hi Mart,

No problem. As I am creating a module you will notice the code is all part of a namespace.

AppCode/MemberLogin.cs

using System.Web.Security;

using System.Web.UI.WebControls;

using Telerik.Cms.Web.UI;

using Telerik.Cms.Engine;

using System.Web.UI.HtmlControls;

using Telerik.Workflow;

using System.Web.Profile;

using System.Web.UI;

using System.ComponentModel;

using System;

namespace App_Code.Modules.Members.MembersModule.WebControls.Public {

    /// <summary>

    /// Summary description for MemberLogin

    /// </summary>

    public class MemberLogin : SimpleControl {



        public MemberLogin() {}

        #region Fields

        private string _strSectionHyperLink;

        #endregion

        #region Properties

        public override string LayoutTemplatePath {

            get { return "~/lib/controls/membersModule/frontend/MemberLogin.ascx"; }

        }

        [Category("Misc")]

        [Description("Select the page this section should link to")]

        [DisplayName("Page: ")]

        [WebEditor("Telerik.Cms.Web.UI.CmsUrlWebEditor, Telerik.Cms")]

        public string sectionHyperlink {

            get {

                return this._strSectionHyperLink;

            }

            set {

                this._strSectionHyperLink = value;

            }

        }

        #endregion

        #region Method_Overrides

        protected override void InitializeControls(System.Web.UI.Control controlContainer) {

            //set login control properties

            this.oLogin.DestinationPageUrl = this.Context.Request.QueryString["ReturnUrl"];

            this.oPasswordRecoveryHyperlink.NavigateUrl = this._strSectionHyperLink;

            this.oPasswordRecoveryHyperlink.Text = "Retrieve password";

            this.oLogin.LoginError += new System.EventHandler(oLogin_LoginError);

            base.InitializeControls(controlContainer);

        }

        //this simple piece of code prevents the composite control from creating a <span></span> wrapper

        protected override void Render(HtmlTextWriter writer) {

            RenderContents(writer);

        }

        protected override void OnLoad(System.EventArgs e) {

            base.OnLoad(e);

            //add css and js to head of document

            HtmlLink oUniFormCss = new HtmlLink();

            oUniFormCss.Attributes.Add("href", "/lib/plugins/uni-form/css/uni-form.css");

            oUniFormCss.Attributes.Add("rel", "stylesheet");

            oUniFormCss.Attributes.Add("type", "text/css");

            oUniFormCss.Attributes.Add("charset", "utf-8");

            oUniFormCss.Attributes.Add("media", "screen");

            this.Page.Header.Controls.Add(oUniFormCss);

            HtmlLink oUniFormDefaultCss = new HtmlLink();

            oUniFormDefaultCss.Attributes.Add("href", "/lib/plugins/uni-form/css/default.uni-form.css");

            oUniFormDefaultCss.Attributes.Add("rel", "stylesheet");

            oUniFormDefaultCss.Attributes.Add("type", "text/css");

            oUniFormDefaultCss.Attributes.Add("charset", "utf-8");

            oUniFormDefaultCss.Attributes.Add("media", "screen");

            this.Page.Header.Controls.Add(oUniFormDefaultCss);

        }

        void oLogin_LoginError(object sender, System.EventArgs e) {

            HtmlGenericControl oMessageContainer = new HtmlGenericControl();

            oMessageContainer.TagName = "p";

            oMessageContainer.Attributes.Add("class", "fontRed");

            oMessageContainer.InnerText = this.oLogin.FailureText;

            this.Controls.Add(oMessageContainer);



            //add the control to the page

            this.oLoginMessagePlaceHolder.Controls.Add(oMessageContainer);

        }

        #endregion

        #region Virtual_Controls

        protected virtual Login oLogin {

            get {

                return base.Container.GetControl<Login>("Login1", true);

            }

        }

        protected virtual PlaceHolder oLoginMessagePlaceHolder {

            get {

                return this.oLogin.FindControl("plhLoginMessage") as PlaceHolder;

            }

        }

        protected virtual Literal oFailureTextLiteral {

            get {

                return this.oLogin.FindControl("FailureText") as Literal;

            }

        }

        protected virtual HyperLink oPasswordRecoveryHyperlink {

            get {

                return this.oLogin.FindControl("hplPasswordRecovery") as HyperLink;

            }

        }

        #endregion

    }

}

MemberLogin.ascx

<%@ Control Language="C#" ClassName="MemberLogin" %>

<asp:Login ID="Login1" runat="server">

    <LayoutTemplate>

        <h3>Login</h3>

        <asp:PlaceHolder ID="plhLoginMessage" runat="server" />

        <div class="uniForm">

            <fieldset>

                <div class="ctrlHolder">

                    <asp:Label ID="UserNameLabel" runat="server" AssociatedControlID="UserName">User Name:</asp:Label>

                    <asp:TextBox ID="UserName" runat="server" CssClass="textInput"></asp:TextBox>

                    <asp:RequiredFieldValidator ID="UserNameRequired" runat="server" ControlToValidate="UserName" ErrorMessage="* required" ToolTip="User Name is required."></asp:RequiredFieldValidator>

                </div>

                <div class="ctrlHolder">

                    <asp:Label ID="PasswordLabel" runat="server" AssociatedControlID="Password">Password:</asp:Label>

                    <asp:TextBox ID="Password" runat="server" TextMode="Password" CssClass="textInput"></asp:TextBox>

                    <asp:RequiredFieldValidator ID="PasswordRequired" runat="server" ControlToValidate="Password" ErrorMessage="* required" ToolTip="Password is required."></asp:RequiredFieldValidator>

                </div>

                <div class="ctrlHolder">

                    <asp:CheckBox ID="RememberMe" runat="server" Text="Remember me next time." />

                </div>

                <asp:Literal ID="FailureText" runat="server" EnableViewState="False" Visible="false"></asp:Literal>

                <div class="buttonHolder">

                    <asp:Button ID="btnUpdateProfile" runat="server" CommandName="Login" Text="Log in" CssClass="primaryAction secondaryAction" />

                </div>

                <p><asp:HyperLink ID="hplPasswordRecovery" runat="server" Text="Forgotten password" /></p>

            </fieldset>

        </div>

    </LayoutTemplate>

</asp:Login>

And then I have made this control available within the ToolBox, so:

using Telerik.Web;

using App_Code.Modules.Members.MembersModule.WebControls.Public;

namespace App_Code.Modules.Members.MembersModule.WebControls.Admin {

    /// <summary>

    /// Represents a toolbox item for NewsArchive control.

    /// </summary>

    public class MembersLoginToolboxItem : ToolboxItem {

        public MembersLoginToolboxItem()

            : base(typeof(App_Code.Modules.Members.MembersModule.WebControls.Public.MemberLogin)) {

            base.Section = "Members";

            base.DisplayName = "Members Login";

            base.Description = "Control that displays case studies within a tabbed format.";

        }

    }

}

And from the your module you will need to invoke the toolboxitem:

public override IList<IToolboxItem> Controls

        {

            get

            {

                return new List<IToolboxItem> { new Members.MembersModule.WebControls.Admin.MembersLoginToolboxItem() };

            }

        }

Hope this helps.

higgsy
Mart

66 posts
Registered:
10 Aug 2006

03 Dec 2010
Link to this post
Hello Higgsy,

Thanks for sharing the code with us.
I try to make a site in which yoy can create pages with custom content per user
Maybe you have any suggestions on how to do this?

Thanks again,

Mart

p.s. If you have a ready made module / solution I will pay a donation to you for it
Ivan Dimitrov

16072 posts
Registered:
12 Sep 2017

03 Dec 2010
Link to this post
Hello Mart,

You can try something similar to Roles Selector and hiding control based on user's roles

Kind regards,
Ivan Dimitrov
the Telerik team

Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
Mart

66 posts
Registered:
10 Aug 2006

03 Dec 2010
Link to this post
Hello Ivan,

Thanks for your response.
I have seen this direction but the text in the control / page needs to be specific for each user.
so I need extra datafields and maybe an extra table in the database which i have to make acces to.
As dataacces in sitefinity is realy difficult (not just make a connection to database, create a datareader etc.) I need some help here

I you can help me please help

Yours,

Mart
higgsy

336 posts
Registered:
05 Aug 2010

03 Dec 2010
Link to this post
Matt,

Do you mean you want users to be able to login to the CMS, or are you saying that when people are logged in to the public side of the website you want them to see custom content depending on who they are? There's a huge difference between the two options.

higgsy
Mart

66 posts
Registered:
10 Aug 2006

03 Dec 2010
Link to this post
Hello Higgsy,

I want people who logged in to have specific information displayed based on their useraccount on certain pages.
which eventially they can change themselves. I do not want to use metafields but records from sql-database
So when person A is logged in het sees a page with text: "blah blah"
And when person B is logged in she sees a page with text "thank you very much "

Hope you can help me,

Mart
higgsy

336 posts
Registered:
05 Aug 2010

03 Dec 2010
Link to this post
Matt,

Ok, so by logged in do you mean you are adding a login control to the website, or do you mean logged in to sitefinity?

If you mean the first option i.e. the user is logging in to a page on your website (not sitefinity), then the solution is quite simple.

The content in the custom tables in your database needs to have a column that records userID. The user control on the front end website then needs to look at:

Membership.GetUser().ProviderUserKey - which is the UserID field, and then run a Linq query to match the content in the database based on the UserID field. Make sense?

higgsy
Mart

66 posts
Registered:
10 Aug 2006

03 Dec 2010
Link to this post
Higgsy,

I use sitefinity as a framework. The pages are created in sitefinity. I use the logincontrol of sitefinity but there is no need for the users to login on the backend I suppose unless they want to change the records isn't it?

Mart

19 posts, 0 answered

Authorization Cancel

Support Resources

Tools

Sitefinity Professional Services