Sign in Register
Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Connie DeCinko 95 posts 248 karma points
    Sep 06, 2019 @ 15:49
    Connie DeCinko
    0

    Require login for entire site, except a few pages

    We need the entire site to require authentication, users must login. Except for a handful of utility pages that must remain available for anonymous users, such as robots.txt, the page not found and the login and access denied pages. The standard public access permissions apply to the root on down. There is no way to exclude or override public access.

    Do we put those pages outside the root? Do we flip things on its head and make the home page a login and then lock down pages underneath?

    Copy Link
  • Shaishav Karnani from digitallymedia.com 354 posts 1638 karma points
    Sep 07, 2019 @ 07:03
    Shaishav Karnani from digitallymedia.com
    0

    Hi Connie,

    I can suggest one more approach that can ensure your current workflow can work fine.

    In your case, you can have a defaultController that renders all the pages to use MemberAuthorizeAttribute. This will restrict all the pages to be authenticated or redirect to login page.

    For Login, robot, Register, page not found, etc pages you can use their own controller without MemberAuthorizeAttribute. This will make these pages annonymous.

    How to setup Default Controller? https://our.umbraco.com/documentation/implementation/default-routing/Controller-Selection/

    Umbraco Code for MemberAuthorizeAttribute https://github.com/umbraco/Umbraco-CMS/blob/7ee510ed386495120666a78c61497f58ff05de8f/src/Umbraco.Web/WebApi/MemberAuthorizeAttribute.cs

    Hope that helps.

    Regards,

    Shaishav

    Copy Link

  • This forum is in read-only mode while we transition to the new forum.

    You can continue this topic on the new forum by tapping the "Continue discussion" link below.

Please Sign in or register to post replies