I am having a problem securing pages within a simple site.
I create a simple site with the following simple structure, using just the default site setting and single membership/role providers:
All the pages are visible to annonymous apart from privatepage.aspx and veryprivate.aspx.
The logon page was created by simply dragging in the logon control from the available login controls within the admin system onto a new page.
I have two users, administrator and bob. bob is not a member of any roles, he's just a test user.
After denying anoymous access to the two private pages i do not initally give the role 'everyone' a view permission. So at this point nobody should view these pages.
If i now view my site my navigation shows links to three pages
this seems fine. If i try to access one of the private pages directly I am redirected to the page :
If i now log on with the account bob I receive the error '
This type of page is not served.
This is fine as have not given 'everyone' permission to access this page.
However if i instead visit 'login.aspx' and use the login usercontrol to login with the same account 'bob', I can access any of the private pages.
It seems if i use the /sitefinity/login.aspx page to login evrything works as expected, but if i use a page created in the cms which contains the login control i seem to have the ability to access any page i like, regardless of permissions.
I also noticed if i return to the admin and give one of the private pages 'everyone' view permission, when i then log into the site through the /sitefinity/login.aspx page , this page is now added to my navigation. I will now see:
however if i login using the login.aspx page with the account bob i still only see the links in the navigation:
however i can still access both privatepage.aspx and veryprivatepage.aspx
if i type them in directly.
Is this a bug with the login usercontrol or am i using it incorrectly somehow?
Sorry for repost , posted same query in the bug section a few days ago, but not received any replys.