Press Ctrl / CMD + C to copy this to your clipboard.
This post will be reported to the moderators as potential spam to be looked at
I have a folder with static content, in this case HTMLs and images which comprise activity logs, which I want to give the customer access to.
I'm really stuck on how I can utilize the UsersMembershipProvider to limit access to this folder. Using Members isn't really an option, as the site currently has no members, and the content isn't really meant for members anyway, but for admins who already have a backend login.
Any pointers on how to achieve this?
It sounds like creating a custom section (https://our.umbraco.com/Documentation/Extending/Section-Trees/sections) where you could create a controller that could serve the files
Not really trying to integrate it with the rest of the backend, though. Just a bunch of static HTML files that can be viewed directly in a browser.
The loginform for the users would be umbraco.
I would suggest adding a web.config file to the folder, enforce that static files (the html files) are served via asp.net and not the IIS directly:
<modules runAllManagedModulesForAllRequests="true" />
Then setup the auth to use umbraco as the login
<forms name="yourAuthCookie" loginUrl="/umbraco" protection="All" path="/" />
And change the default membership provider:
<membership defaultProvider="UsersMembershipProvider" />
I haven't tried the stuff above, but that would be the first attempt I would have at it :)
I tried that. It's necessary to set it at root level, because <authentication> and membership/providers can't be set below that level.
But even with this line:
<forms name="yourAuthCookie" loginUrl="/umbraco/#/login/false" protection="All" path="/" />
it fails. First ASP.NET defaults to passing the return URL as ReturnUrl, while Umbraco uses returnPath. So after login, I'm not getting passed back to the protected folder.
The default login form also doesn't use the "normal" authentication cookie. It seems it is passing user information in the UMB_UCONTEXT cookie.
So even after login, the protected folder will just redirect back to the login form.
Any ideas on this?
Most of the reason for suggesting making a section :-)
Not really, they're still standalone HTMLs that do not integrate well with the rest of the backend GUI.
The only other method I could think of would be to make a module that checks all requests for authentication. And then either redirects to the login form with the right returnPath parameter appended, or serves the files if a user was authenticated. Which feels a bit hack-ish.
is working on a reply...
Write your reply to:
Image will be uploaded when post is submitted