Be aware of using user controls in umbraco templates used by pages that you are protecting with public access feature!
Have tried this in both 4.0.3 and 4.6
Create an template with name "Test", and add an macro to the template (like a usercontrol with a form)
Create an page structure, and configure one of the sub pages to use the Test template.
Protect the sub page (with Test template) with public accesss feature.
If you try to access the page with the page name, then you are sent to an login page (If this is configured), but
if you access the template like http://domain.com/test.aspx (template name + .aspx) the template shows as a page and renders the user control (This is bad if the user control contains some kind of input)
Have your user control do the security checking also, and don't do anything (or redirect to login page) if he's not a member and/or not in a specific member role. All those security precautions can be set through the standard asp.net membership api
Because when a page is not found, it'll use the not found handlers which matches first (in this case the alternative template not found handler based on last part of the url) and doesn't worry anymore on what page the template is applied to
Possible to access templates directly
Be aware of using user controls in umbraco templates used by pages that you are protecting with public access feature!
Have tried this in both 4.0.3 and 4.6
Have your user control do the security checking also, and don't do anything (or redirect to login page) if he's not a member and/or not in a specific member role. All those security precautions can be set through the standard asp.net membership api
Cheers,
/Dirk
Yes I agree with that you shuld do the security check in the user controls.
But why is it possible to access the templates from the root of the site?
Because when a page is not found, it'll use the not found handlers which matches first (in this case the alternative template not found handler based on last part of the url) and doesn't worry anymore on what page the template is applied to
Does that explain it for you?
Cheers,
/Dirk
Yes, I prevented this behavior by removing the <notFound assembly="umbraco" type="SearchForTemplate"/> in the 404handersconfig.
/Jonas
is working on a reply...