More in this section

Forums / Set-up & Installation / Website User

Website User

2 posts, 0 answered
  1. Jason
    Jason avatar
    18 posts
    23 Jun 2006
    06 Aug 2007
    Link to this post
       Guys, we are working a sitefinity site and want some users to have ONLY website access.

    There are options in Sitefinity to not allow them to edit, admin, etc. BUT, even without those settings they can still log into the backend and modify their password, etc.

    how can we make them ONLY a website user, with a login ON the site, for protected pages.

    Basically, we don't want them to go to /Sitefinity and login as a CMS user!

  2. Yasen
    Yasen avatar
    121 posts
    18 May 2013
    07 Aug 2007
    Link to this post
    Hi Jason,

    We are working on this kind of functionality for the next Sitefinity release. We are planning to include multiple role/membership providers and controls for public user authentication separate from the administration part. Unfortunately, for Sitefinity 3.0 you can't achieve this without writing code.

    However, it is possible for you to manage public users using the default providers set in the web.config. There should be no problem for you to add login controls in the public pages for authentication.

    A way to prevent public users from visiting the administration section is to use roles. You can write a custom http module that stops users (who are authenticated, but not in any admin role) from visiting the admin part.

    Here is an example of such module that stops users who are not in any role, it simply throws an Access Denied exception:

    1 using Telerik.Framework;  
    2 using Telerik.Cms.Web;  
    3 using Telerik.Security;  
    4 using System;  
    5 using System.Web;  
    7 public class CustomHttpModule : IHttpModule  
    8 {  
    9     public void Dispose()  
    10     {  
    11     }  
    12     public void Init(HttpApplication context)  
    13     {  
    14         context.PostAuthenticateRequest += new EventHandler(context_PostAuthenticateRequest);      
    15     }  
    17     private void context_PostAuthenticateRequest(object sender, EventArgs e)  
    18     {  
    19         System.Security.Principal.IPrincipal user = HttpContext.Current.User;  
    20         string path = HttpContext.Current.Request.Path.ToLower();  
    22         if (path.StartsWith(UrlHelper.LowerAdminPath) && user.Identity.IsAuthenticated)  
    23         {  
    24             if (UserManager.Default.GetRolesForUser(user.Identity.Name).Length == 0)  
    25                 throw new HttpException(403, "Access denied");  
    26         }  
    27     }  

    All the best,
    the Telerik team

    Instantly find answers to your questions at the new Telerik Support Center
2 posts, 0 answered