We need the entire site to require authentication, users must login. Except for a handful of utility pages that must remain available for anonymous users, such as robots.txt, the page not found and the login and access denied pages. The standard public access permissions apply to the root on down. There is no way to exclude or override public access.
Do we put those pages outside the root? Do we flip things on its head and make the home page a login and then lock down pages underneath?
I can suggest one more approach that can ensure your current workflow can work fine.
In your case, you can have a defaultController that renders all the pages to use MemberAuthorizeAttribute. This will restrict all the pages to be authenticated or redirect to login page.
For Login, robot, Register, page not found, etc pages you can use their own controller without MemberAuthorizeAttribute. This will make these pages annonymous.
Require login for entire site, except a few pages
We need the entire site to require authentication, users must login. Except for a handful of utility pages that must remain available for anonymous users, such as robots.txt, the page not found and the login and access denied pages. The standard public access permissions apply to the root on down. There is no way to exclude or override public access.
Do we put those pages outside the root? Do we flip things on its head and make the home page a login and then lock down pages underneath?
Hi Connie,
I can suggest one more approach that can ensure your current workflow can work fine.
In your case, you can have a defaultController that renders all the pages to use MemberAuthorizeAttribute. This will restrict all the pages to be authenticated or redirect to login page.
For Login, robot, Register, page not found, etc pages you can use their own controller without MemberAuthorizeAttribute. This will make these pages annonymous.
How to setup Default Controller? https://our.umbraco.com/documentation/implementation/default-routing/Controller-Selection/
Umbraco Code for MemberAuthorizeAttribute https://github.com/umbraco/Umbraco-CMS/blob/7ee510ed386495120666a78c61497f58ff05de8f/src/Umbraco.Web/WebApi/MemberAuthorizeAttribute.cs
Hope that helps.
Regards,
Shaishav
is working on a reply...