Sign in Register
Go to solution
Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Jan A 63 posts 268 karma points
    Aug 08, 2018 @ 12:52
    Jan A
    0

    Login page for SurfaceController

    I have created a surfaceontroller and want to verify that the member is logged in when calling it.

    The way I found I could do this is to add a [MemberAuthorize] attribute to the function. Now the surface controller returns this instead

    Server Error in '/' Application.

This type of page is not served. 
  Description: The type of page you have requested is not served because it has been explicitly forbidden.     Please review the URL below and make sure that it is spelled correctly. 

 Requested URL: /umbraco/RenderMvc

    What I wanted was to go to the loginurl presented in web.config Is there any way I can do this?

    Copy Link
  • Louis Ferreira 69 posts 265 karma points
    Aug 08, 2018 @ 14:30
    Louis Ferreira
    0

    Hi Jan,

    I think the problem is that you are using a SurfaceController (which is not authenticated). Try using UmbracoAuthorizedApiController instead.

    Also see: https://our.umbraco.com/documentation/reference/routing/Authorized/#special-back-office-routes-for-user-authentication

    Louis

    Copy Link
  • Jan A 63 posts 268 karma points
    Aug 08, 2018 @ 14:32
    Jan A
    0

    Isn't that only for backoffice? I want to check for member, not users

    Copy Link
  • Louis Ferreira 69 posts 265 karma points
    Aug 08, 2018 @ 14:44
    Louis Ferreira
    0

    Ok,

    You can try something like this (found on SO)

    var userTicket = new HttpContextWrapper(HttpContext.Current).GetUmbracoAuthTicket();
if (userTicket != null)
{
    var currentUser = ApplicationContext.Services.UserService.GetByUsername(userTicket.Name);
    if (!currentUser.Groups.Any(x => x.Alias.Equals("admin")))
    {
        // Do something if the user is not an admin
        Response.Redirect("~/");
    }
    else {
        FormsAuthentication.RedirectToLoginPage();
    }
}
    Copy Link
  • Jan A 63 posts 268 karma points
    Aug 09, 2018 @ 07:59
    Jan A
    100

    Ended up doing my own attribute

    public class MemberLoginAuthorize : FilterAttribute, IAuthorizationFilter
{
    public void OnAuthorization(AuthorizationContext filterContext) 
    {
        var user = System.Web.Security.Membership.GetUser();

        if (user == null || user.UserName == "") {
            filterContext.Result = new RedirectResult("~/");
        }
        else {
           var member = ApplicationContext.Current.Services.MemberService.GetByUsername(user.UserName);

          if (member == null)
              filterContext.Result = new RedirectResult("~/");   // todo: redirect to url set in web.config form tag
        }
    }
}
    Copy Link
Please Sign in or register to post replies

Write your reply to:

Draft