The idea is to stop anonymous users from accessing any pages in the site until the login.
Now when I navigate to a page on the site, as a non-authenticated user, I'm redirected to the "login.aspx" page. However, the page contains no styling at all, just the basic HTML layout.
After I login, I then manually navigate to the "logout.aspx" page and log myself out. In doing this, I'm redirected to the site's login page. This time the page does look styled and formatted as expected.
I did a network trace of each scenario. First, here's an edited summary of the "login.aspx" navigation:
There is a difference between the two, and I'm asking for help from someone who can explain how I should configure my site, so that the login.aspx page looks as it should, regardless of how it is accessed.
So for each location, add one of those blocks and just set the path accordingly.
Alternatively, if you are just creating a regular umbraco site, ie, aren't integrating with anything else, you could set that back to the default, and just use thep ublic access feature instead? This is baked into umbraco so in the back office, if you set a section of the site to be protected (right click the node, and choose public access) it'll block people from accessing it untill authenticated.
I'm altering the web.config file to include location specific security configs like so:
<configuration>
<location path="~/css">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
<configSections>
... rest of file
When I navigate to the site I get the following error:
HTTP Error 500.19 - Internal Server Error The requested page cannot be accessed because the related configuration data for the page is invalid.
The error page has the <configSections> element highlighted in red, so it doesn't like the <location> element being next to it (?).
I've Google'd around on how to use the <location> element and I can't see what I'm doing wrong - there's no mention of not allowed to put a <location> element next to the <configSections>.
This is the default setting for Umbraco. You currently have it set to deny... change it to allow. I assume you are using the public access features of Umbraco?
Let me qualify my last post and how I would make it work to achieve what you are after.
To deny access to the site, set the public access to the member group that you want on the root of the tree. You will have to have your login outside of main tree because you need to be able to access it.
so make the tree looked something like this.
Content |-Home (protected with public access to the group you want to give access) | |-all the sub pages will be protected | |-etc etc etc |-Login (outside the home tree and not protected)
This will stop Annoymous access but you will have access to images and CSS as you are not explicitly denying access but denying based on configuration in Umbraco.
I would agree with Peter that this is the better / umbraco way to do it.
The only time I would think you would need to do what you are currently doing, is if you were integrating with someother .NET app on the same install. In which case, the location element should be what you need.
A colleague of mine had a copy of access.config, which contained numerous permission setting configured. I got a copy of that file and tried it in my local version of the Umbraco site and it worked fine.
As a anonymous user, I cannot view anything on the site until I've logged in. I remove the <deny users.... setting back to <allow.
Many, many thanks for all your help with this. Much appreciated.
Forms Authentication - Login.aspx page has not styling applied.
In the web.config settings for our site, we have the following defined for authentication:
The idea is to stop anonymous users from accessing any pages in the site until the login.
Now when I navigate to a page on the site, as a non-authenticated user, I'm redirected to the "login.aspx" page. However, the page contains no styling at all, just the basic HTML layout.
After I login, I then manually navigate to the "logout.aspx" page and log myself out. In doing this, I'm redirected to the site's login page. This time the page does look styled and formatted as expected.
I did a network trace of each scenario. First, here's an edited summary of the "login.aspx" navigation:
Here is the edit trace for the "login.aspx" which I was redirected to after loggin out:
There is a difference between the two, and I'm asking for help from someone who can explain how I should configure my site, so that the login.aspx page looks as it should, regardless of how it is accessed.
What version of Umbraco are you working with?
Hi Jason,
It looks like the forms auth is also securing your css / images folder for some reason.
You can add overrides for the css / images / etc folders to allow anonymous access by adding the following to your web.config
<location path="<RELATIVE_PATH_OF_YOUR_RESOURCE_FILES>"> <system.web> <authorization> <allow users="*"/> </authorization> </system.web> </location>So for each location, add one of those blocks and just set the path accordingly.
Alternatively, if you are just creating a regular umbraco site, ie, aren't integrating with anything else, you could set that back to the default, and just use thep ublic access feature instead? This is baked into umbraco so in the back office, if you set a section of the site to be protected (right click the node, and choose public access) it'll block people from accessing it untill authenticated.
Hope this helps.
Matt
@Peter - We are currently using Umbraco version 4.7.2
@Matt - Thanks for that suggestion. I'm going to have a look at applying it now, will let you guys know how it works out :)
I'm altering the web.config file to include location specific security configs like so:
<configuration>
<location path="~/css">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
<configSections>
... rest of file
When I navigate to the site I get the following error:
The error page has the <configSections> element highlighted in red, so it doesn't like the <location> element being next to it (?).
I've Google'd around on how to use the <location> element and I can't see what I'm doing wrong - there's no mention of not allowed to put a <location> element next to the <configSections>.
Can anyone help please?
Maybe try setting the path to ~/css/* and if that doesn't work, maybe try removing the tilda
Matt
This is the default setting for Umbraco. You currently have it set to deny... change it to allow. I assume you are using the public access features of Umbraco?
Let me qualify my last post and how I would make it work to achieve what you are after.
To deny access to the site, set the public access to the member group that you want on the root of the tree. You will have to have your login outside of main tree because you need to be able to access it.
so make the tree looked something like this.
This will stop Annoymous access but you will have access to images and CSS as you are not explicitly denying access but denying based on configuration in Umbraco.
I would agree with Peter that this is the better / umbraco way to do it.
The only time I would think you would need to do what you are currently doing, is if you were integrating with someother .NET app on the same install. In which case, the location element should be what you need.
Matt
The (simplified) structure of the site is like this:
So we want to allow anyone access to the Login page, but all the sites (Site1, Site2, etc) should only be accessible to logged in users.
Can someone suggest how we could configure this in web.config please?
@Jason
Go with the solution that I suggested and change the web.config to this.
Then follow the instructions that are on this wiki page that explains how public access works.
http://our.umbraco.org/wiki/reference/umbraco-client/context-menus/public-access
I think this will sort your issues out.
I agree with @peter, I think using public access is the way to go. This linke might also help
http://www.mortenbock.dk/blog/2009/04/01/setting-up-membership-in-umbraco.aspx
Matt
A colleague of mine had a copy of access.config, which contained numerous permission setting configured. I got a copy of that file and tried it in my local version of the Umbraco site and it worked fine.
As a anonymous user, I cannot view anything on the site until I've logged in. I remove the <deny users.... setting back to <allow.
Many, many thanks for all your help with this. Much appreciated.
is working on a reply...