More in this section

Forums / Developing with Sitefinity / Membershipt problems with secure child page

Membershipt problems with secure child page

5 posts, 0 answered
  1. bnye
    bnye avatar
    332 posts
    Registered:
    22 Sep 2005
    04 Dec 2008
    Link to this post
    I think I found a pretty serious problem with the Membership model. Well serious is relative. Its not a deal breaker. An "Anonymous Denied" page that is a child of any other page (page group or not) cannot be secured throughout a session with the Sitefinity membership. Here is how to reproduce the problem.

    1. create a page structure with at least one parent and child page.
    2. create a role that will be used for public users to access that child page.
    3. Deny anonymous access on the child page.
    4. Allow view access to the role that you created on the child page.
    5. Login to Sitefinity admin area or a login control.
    6. Logout of Sitefinity or logout using a login view control
    7. Navigate to your secured child page, Its no longer secure for that session.

    If you close the browser and then try navigate to your secure child page it will be denied and you'll be redirected to the login page specified in the web.config as intended.

    Thanks,

    Ben
  2. Ivan Dimitrov
    Ivan Dimitrov avatar
    16072 posts
    Registered:
    12 Sep 2017
    05 Dec 2008
    Link to this post
    Hi bnye,

    Thank you for contacting us.

    I think that this is a browser cache that has left. What happens if you click Ctrl + F5? I am sure that you will be redirected to the login page. In IE, if you go to Internet Options >> General >> Browsing History >> Setings  you can the browser to checks for newer versions of the page every time you start the browser.

    Kind regards,
    Ivan Dimitrov
    the Telerik team

    Check out Telerik Trainer, the state of the art learning tool for Telerik products.
  3. bnye
    bnye avatar
    332 posts
    Registered:
    22 Sep 2005
    05 Dec 2008
    Link to this post
    Are you sure its a browser cache issue? Strange that all other "Deny Anonymous" pages would not have this problem. Only a secured page directly below another page in the page hierarchy.

    Parent
    -Secure Child 1
    -Secure Child 2

    1. create a page structure with a Parent and two children as shown above.
    2. create a role that will be used for public users to access both child pages.
    3. Deny anonymous access to both child pages.
    4. Allow view access to the role that you created on both child pages.
    5. Login to Sitefinity admin area or a login control.
    6. Logout of Sitefinity or logout using a login view control
    7. Navigate to "Secure Child 1", Its no longer secure for that session.
    8. Navigate to "Secure Child 2", it redirects you to the login page as desired.

    Maybe its just me but this seems like strange behavior. Also it would be difficult to tell users to change their browser settings. ;-)

    Sincerely,

    Ben
  4. bnye
    bnye avatar
    332 posts
    Registered:
    22 Sep 2005
    07 Dec 2008
    Link to this post
    As usual Ivan you are correct. If you simply add the following to a control on your secure pages you can guarantee that the cache is cleared.

    If Not Me.Page.IsPostBack Then 
       With Response.Cache  
            .SetCacheability(HttpCacheability.NoCache)  
            .SetSlidingExpiration(True)  
            .SetExpires(DateTime.Now)  
       End With 
    End If 

     
    Thanks for pointing me in the right direction.

    Ben

  5. Ivan Dimitrov
    Ivan Dimitrov avatar
    16072 posts
    Registered:
    12 Sep 2017
    08 Dec 2008
    Link to this post
    Hello bnye,

    Thank you for getting back to me.

    When use Forms Authentication browser caches the secured pages. The user is only looking at local copies of pages they viewed while previously logged in.
    I am glad to gear that everything is fine at you and. Thank you for your feedback and fell free to post your comments in our forums. Thus, other community members will be able to find a solution to their problems.

    Sincerely yours,
    Ivan Dimitrov
    the Telerik team

    Check out Telerik Trainer, the state of the art learning tool for Telerik products.
Register for webinar
5 posts, 0 answered