Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Alec Griffiths 129 posts 151 karma points
    Feb 02, 2009 @ 17:33
    Alec Griffiths
    0

    Server side XSLT redirection

    We would like to redirect using XSLT server side depending on the users IP address. This is a simple access restriction that does not use logged on members or simple security.

    We have a method of checking the users IP address against a list of allowed IP addresses and filters for a page or one its ancestors and JavaScript client side redirection that works. However client side redirection is not secure in the way we would like it.

    I am thinking this might be achievable by using a template called 'checkclientaccess' that the existing master template inherits from and decides how to implement the TEMPLATELOAD_CHILD/> macro.

    Any ideas would be much help.

  • Soeren Sprogoe 575 posts 259 karma points
    Feb 02, 2009 @ 22:51
    Soeren Sprogoe
    1

    How about a combination of server and client side redirecting?

    Something like this:
    [code]

    <script type="text/javascript">document.location.href='/private-area.aspx';</script>


    [/code]
    (note: Code is done on the top of my head, not tested at all)

    Although the redirect itself is client side, the check is done server side and the redirect is only shown in the output if the visitor comes from a "secure" location.

    This would be the easiest and simplest way to do it. Otherwise you'd have to write a UserControl or some sort of XSLT redirect extension.

    /SoerenS

  • Ismail Mayat 4511 posts 10092 karma points MVP 2x admin c-trib
    Feb 03, 2009 @ 09:52
    Ismail Mayat
    1

    Guys,

    If you are using v4 then you can do inline C# in the template and do the redirection that way. The issue with javascript redirection is if browser has it turned off then you wont get redirection.

    [code]


    <script runat="server"><br />
    void Page_Load(object sender, System.EventArgs ea) {<br />
            <br />
    //test and redirect here<br />
                <br />
    }<br />
    </script>


    [/code]

    Regards

    Ismail

  • Alec Griffiths 129 posts 151 karma points
    Feb 03, 2009 @ 17:40
    Alec Griffiths
    0

    Yes Ismail you are correct I need to do this at the server not the browser because people can get round this but we are not on v4 yet. we will make another control

  • Alec Griffiths 129 posts 151 karma points
    Feb 04, 2009 @ 12:30
    Alec Griffiths
    2

    ha ha got it.

    Can be done in the xslt using inline server code.
    For referance here is the code. Requires a doc type
    1) Macro needs to be in the template header
    2) Example below is more complex than it needs to be as it uses a method we use for applying settings to content pages and content node trees but alows us to restrict editor access to those pages (this requires several special doc types that are not pages just settings place holders..) basicaly the affectingIPGroups is an xml list of IP addresses that can access the page if it is protected.
    [code]


    version="1.0"
    xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
    xmlns:msxsl="urn:schemas-microsoft-com:xslt"
    xmlns:vb="urn:the-xml-files:xslt-vb"
    xmlns:umbraco.library="urn:umbraco.library"
    exclude-result-prefixes="umbraco.library">
















    [/code]

  • Alec Griffiths 129 posts 151 karma points
    Sep 24, 2009 @ 00:08
    Alec Griffiths
    0

    i clicked solve on the wrong post never mind have some karma

     

  • Connie DeCinko 931 posts 1160 karma points
    Aug 03, 2010 @ 17:58
    Connie DeCinko
    0

    Is there a C# version instead of VB?

     

Please Sign in or register to post replies

Write your reply to:

Draft