Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Magnus Olsson 25 posts 71 karma points
    Jan 04, 2013 @ 13:21
    Magnus Olsson
    0

    Password protect test site

    Hi,

    I'm working on a site on my localhost (IIS Express) and the site has a few Public Access protected subfolders for selected Member Groups. I use the standard asp:LoginView, LoginStatus controls and all this works great on my dev machine.

    Moving this to a stage server I need to password protect the entire website. So I created a windows account on the server, set permissions on the website folder and files and enabled Basic Auth in IIS. Now when I access it it prompts me for my windows account credentials and when userr/pass is entered it lets me in.

    However the Public Access protection in Umbraco seems to get sidestepped. When I try to access a "protected" subfolder I immediately get the content served and the asp:LoginName control displays my COMPUTER\USERNAME account name. (It is also impossible to logout via the asp:LoginStatus logout link.)

    Is it not possible to have IIS Basic Auth ontop of Umbraco Public Access feature? If not, how should I set this up?

    Thanks in advance
    Magnus

     

  • Jan Skovgaard 11280 posts 23678 karma points MVP 10x admin c-trib
    Jan 05, 2013 @ 12:54
    Jan Skovgaard
    0

    Hi Magnus

    I'm wondering why you need to password protect the stage server? Is it to avoid that the site is being indexed or accessed by people whom it does not concern etc.?

    /Jan

  • Magnus Olsson 25 posts 71 karma points
    Jan 06, 2013 @ 21:05
    Magnus Olsson
    0

    Hi Jan,

    It's to only let a select few access the site at this point in time.

    /Magnus

     

     

  • Tom 4 posts 24 karma points
    Mar 26, 2014 @ 17:42
    Tom
    0

    Hi,

    How did you get on with this? I am trying to achieve the same.

  • Dennis Aaen 4499 posts 18254 karma points admin hq c-trib
    Mar 26, 2014 @ 18:40
    Dennis Aaen
    0

    Hi Tom,

    Could it be a possible solution to you setting up IP address restrictions, on the sites in the IIS manager. I must admit that I haven't tried it myself, but I've seen similar recommendations, for restrict access to the Umbraco backoffice url.

    http://www.iis.net/configreference/system.webserver/security/ipsecurity

    Here is a another guide with some screenshots,

    http://www.hrzdata.com/node/46

    Hope this could be a solution for you, and can help you further.

    /Dennis

  • Magnus Olsson 25 posts 71 karma points
    Mar 27, 2014 @ 18:05
    Magnus Olsson
    0

    Unfortunately, I did not manage to solve this in a good way. 

    The solution of restricting access by IP was not a good option for us since the stage (demo) site was to be accessed by people on the road. Accessing it from various addresses (mobile operators, hotel and conference facility WIFI etc)

    //Magnus

  • Tom 4 posts 24 karma points
    Mar 28, 2014 @ 09:48
  • Magnus Olsson 25 posts 71 karma points
    Mar 28, 2014 @ 10:02
    Magnus Olsson
    0

    Hi Tom,

    That would also not solve our problem. That would enable for Members to login. We kinda needed a sitewide block, so that in reality only people that actually also could log into backoffice as Users could reach the front page in the first place.

    Our issue was that only some of our client's employees should be able to access the staging site from various locations while we were developing the site. When putting up content, not yet public information and/or products could appear there. And no outsider could be allowed to view this content.

    And we were trying for a way to do this by config, not by code only to be run on a certain server. 

    //Magnus

     

     

  • Martin 114 posts 313 karma points
    May 09, 2015 @ 10:13
    Martin
    0

    Hi Magnus,

    I just wonder if you have found a solution. I am looking for the same thing as you.

    / Martin

  • Magnus Olsson 25 posts 71 karma points
    May 11, 2015 @ 06:37
    Magnus Olsson
    0

    Martin,

    Unfortunately I never managed to figure that one out. This was a few years ago so maybe there is some way, but since you are posting in this thread I assume that this is still a thing.

    Regards,
    Magnus 

  • Martin 114 posts 313 karma points
    May 12, 2015 @ 22:01
    Martin
    0

    Hi Magnus,

    I used a rather simple approach and placed it as a partial view in my main layout template. I check for the UserHostAdress and if it not in my "case list", I throw a 404 exception.

    @{
        var clientIp = Request.UserHostAddress;
    
    // "::1"  is localhost
    
    switch(clientIp)
    {
        case "::1":
            //<p>Localhost</p>
            break;
        case "127.0.0.1":
            //<p>Localhost</p>
            break;
        default:
             throw new HttpException(404,"not found");      
    }
    }
    
Please Sign in or register to post replies

Write your reply to:

Draft