More in this section

Forums / Developing with Sitefinity / Custom Provider and page access permissions for custom roles and user

Custom Provider and page access permissions for custom roles and user

6 posts, 0 answered
  1. Panos Klaoudatos
    Panos Klaoudatos avatar
    8 posts
    Registered:
    14 Aug 2012
    03 Dec 2008
    Link to this post
    Hi all,

    I have a web application that uses a MS SQL database (which has been updated with the ASP.NET Membership provider tables and functionality).

    I have added the MyAppProvider in sitefinity, so that I can create users and assign them to roles, for that application, from within sitefinity, in MyApp database.

    What I want to do, is to have some 'secure' pages that only the MyAppProvider users will have access to. These pages will be accessible by either all or some specific 'MyAppProvider' roles. For example, some pages will only be accessible by Role1 while others will only be accessible by role2, etc.
    When creating a page, I set page's security to deny anonymous access and then I set Role1 to allow viewing and Role2 to deny viewing (in MyAppProvider)

    Somehow, when I login in as Role1 user, this does not work as either the user has no access, or all users have access to the page.

    Mind you that I have created a pagebase class that inherits from 'InternalPage' and set it accordingly to cmsentrypoint.aspx.

    How can I make this work? Is there a way that I can create a new permissions property (i.e. accessible) for CMS Pages that I can set through sitefinity for the custom roles and then test it against the current logged in user (in my custom pagebase)?


  2. Vlad
    Vlad avatar
    498 posts
    Registered:
    19 Jun 2017
    09 Dec 2008
    Link to this post
    Hello Panos Klaoudatos,

    In Sitefinity 3.5 you have an ability to set page permissions not only per role, but also per provider. So, you should not have any problems to achieve the described from you scenario.
    In order to be able to help you further, we need additional instructions how to reproduce the issue locally. Do you have an online link, which we could access to see the problem? Also we can you send us your web.config file?

    You can open a new support ticket to send us the required information.

    Greetings,
    Vlad
    the Telerik team

    Check out Telerik Trainer, the state of the art learning tool for Telerik products.
  3. Bob Pinna
    Bob Pinna avatar
    13 posts
    Registered:
    10 Apr 2005
    24 Dec 2008
    Link to this post
    Vlad,

    I have the same issue.

    Background:

    1. See http://staging.two-homes.com
    2. Two sets of membership/role providers "Public" and "Sitefinity".  Sitefinity for CMS users, Public for members of the community web site.  I have this configured according to the telerik knowledge base article on the subject.
    3. Page http://staging.two-homes.com/Calendar.aspx should require login.  To support this I logged into the Sitefinity UI, went to Pages, selected the Calendar page, selected the permissions tab, selected provider "Public" and set "View" to deny.  I logged out of the CMS and visited the URL expecting to get an access denied message, but I was allowed to see the page.

    I'm happy to provide a CMS login via private email if that helps.

    FYI: What I want to do.

    1. I want the CMS and Public membership databases to be completely
    2. On the public site, there are pages that are viewable by anyone.  There are other pages that require the user to register and login.
    3. The public application is multi-tenant, so for example, a logged in user will only be able to see "their" calendar.

    Best,
    Bob

  4. Vlad
    Vlad avatar
    498 posts
    Registered:
    19 Jun 2017
    29 Dec 2008
    Link to this post
    Hello Bob,

    You haven't mentioned about the Anonymous access page property of the 'Calendar' page. Have you set it to Deny in the Page Properties tab. If so and you still have the problem, could you please send the Web Site login credentials to vladimir.vasilev@telerik.com?

    Sincerely yours,
    Vlad
    the Telerik team

    Check out Telerik Trainer, the state of the art learning tool for Telerik products.
  5. Bob Pinna
    Bob Pinna avatar
    13 posts
    Registered:
    10 Apr 2005
    29 Dec 2008
    Link to this post
    Vlad,

    Thank you, I had missed that property.

    So I now have the "Calendar" page configured to deny anonymous access.

    When I navigate to that page, I'm redirected to the Sitefinity login page.  What I would like instead is to redirect to my own login page that is authenticated using my custom public membership provider.  Do I accomplish this with an HttpModule or are there declarative properties that I should be setting?

    Best,
    Bob

  6. Ivan Dimitrov
    Ivan Dimitrov avatar
    16072 posts
    Registered:
    12 Sep 2017
    30 Dec 2008
    Link to this post
    Hello Bob Pinna,

    You could edit the lines below from your web.config file.

        <authentication mode="Forms">  
          <forms name=".ASPNET" loginUrl="~/CustomLogin.aspx" protection="All" timeout="1440" path="/" /> 
        </authentication> 

    Where CustomLogin.aspx is the page where your login form resides.

    All the best,
    Ivan Dimitrov
    the Telerik team

    Check out Telerik Trainer, the state of the art learning tool for Telerik products.
Register for webinar
6 posts, 0 answered