Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • bob 19 posts 39 karma points
    Jul 14, 2011 @ 03:31
    bob
    0

    Deny anonymous access

    Hi,

    Apologies if this has been covered but I wasn't able to find any answer to this in the current posts.

    Can I deny anonymous access to a page (or collection of pages). E.g. a member profile page. If a member is not logged in and tries to visit that page I wnat them to be redirected to the login page and after login sent back to the original member-only page.

    I realise that using the 'Public access' functionality in Umbraco I can restrict access for a set of Roles or a specific login, but it doesn't seem to allow for simply denying anonymous access altogether.

    I could use a location element in web.config, but this isn't ideal and I think that I'd also require two entries for each page (one for with a '.aspx' extension and one without). And I also realise that I could check that the current user is authenticated in a page load event and redirect if necessary, but I was hoping to avoid having to do that explicity and just use the CMS.

    So am I missing something and this can be achieved using the CMS?

    Thanks, help is appreciated.

  • Richard Soeteman 4049 posts 12922 karma points MVP 2x
    Jul 14, 2011 @ 08:56
    Richard Soeteman
    0

    Hi,

    You have to use the Public Access functionality indeed to restrict access. The good thing is that you can set public access on the root of your site so every page is protected  in that way. Create a default role you want every member to have. Give the site access to that role and use the event system to assign the default role to the member when it is created.

    Then you have disable anonymous access for the site.

    Cheers,

    Richard

  • bob 19 posts 39 karma points
    Jul 14, 2011 @ 14:14
    bob
    0

    Hi Richard,

    Thanks for taking time to reply.

    Sorry if i didn't descibe my scenario well enough.

    I certainly do not want to deny public access across the entire site. I want to allow anonymous access to most of the site. I just want to restrict a small number of pages, e.g. member profile page.

    I suppose I could create a generic role that all members are added to upon creation and allow access to protected pages for that role. But that would not be my ideal solution. It would be great if I could use the CMS to deny anonymous access to a page, perhaps that isn't possible. As I mentioned in my original post, another approach is that I could use a location element in web.cong to achieve the restriction. Again, it's not my preferred method.

    Thanks.

  • Richard Soeteman 4049 posts 12922 karma points MVP 2x
    Jul 14, 2011 @ 15:07
    Richard Soeteman
    0

    Hi,

    You cannot disable anonymous access out of the box in Umbraco so you should use the web.comfig opion (never tried that one on an Umbraco site not sure if it will work) and otherwise build something yourself .

    Cheers,

    Richard

  • Michael Latouche 504 posts 819 karma points MVP 4x c-trib
    Jul 14, 2011 @ 15:46
    Michael Latouche
    0

    Hi Bob,

    If you have a specific template for your membership pages, you might just want to include the following line in the Load or Init event:

    if (Membership.GetUser() == null)
        Response.Redirect("MyLoginPage.aspx");

    Alternatively, if you don't have a specific template, you can put this code into a macro and then include the macro whereever you need.

    Hope this helps.

    Cheers,

    Michael.

  • Panna 3 posts 23 karma points
    Nov 22, 2011 @ 23:33
    Panna
    0

    Hi Richard

    Can you please elaborate how I would do that? I am stuck there. Can you help??

    thanks

    Panna

     

  • Michael Latouche 504 posts 819 karma points MVP 4x c-trib
    Nov 23, 2011 @ 10:06
    Michael Latouche
    0

    Hi Panna,

    I think what Richard was referring to, is that you can try to use the "standard" authorization process from ASP.Net and put the authorization settings in the web.config file.

    Here are some links where you can find more information about this:

    http://msdn.microsoft.com/en-us/library/8d82143t(vs.71).aspx

    http://support.microsoft.com/kb/316871

    Hope this helps.

    Cheers,

    Michael.

Please Sign in or register to post replies

Write your reply to:

Draft