Apologies if this has been covered but I wasn't able to find any answer to this in the current posts.
Can I deny anonymous access to a page (or collection of pages). E.g. a member profile page. If a member is not logged in and tries to visit that page I wnat them to be redirected to the login page and after login sent back to the original member-only page.
I realise that using the 'Public access' functionality in Umbraco I can restrict access for a set of Roles or a specific login, but it doesn't seem to allow for simply denying anonymous access altogether.
I could use a location element in web.config, but this isn't ideal and I think that I'd also require two entries for each page (one for with a '.aspx' extension and one without). And I also realise that I could check that the current user is authenticated in a page load event and redirect if necessary, but I was hoping to avoid having to do that explicity and just use the CMS.
So am I missing something and this can be achieved using the CMS?
You have to use the Public Access functionality indeed to restrict access. The good thing is that you can set public access on the root of your site so every page is protected in that way. Create a default role you want every member to have. Give the site access to that role and use the event system to assign the default role to the member when it is created.
Then you have disable anonymous access for the site.
Sorry if i didn't descibe my scenario well enough.
I certainly do not want to deny public access across the entire site. I want to allow anonymous access to most of the site. I just want to restrict a small number of pages, e.g. member profile page.
I suppose I could create a generic role that all members are added to upon creation and allow access to protected pages for that role. But that would not be my ideal solution. It would be great if I could use the CMS to deny anonymous access to a page, perhaps that isn't possible. As I mentioned in my original post, another approach is that I could use a location element in web.cong to achieve the restriction. Again, it's not my preferred method.
You cannot disable anonymous access out of the box in Umbraco so you should use the web.comfig opion (never tried that one on an Umbraco site not sure if it will work) and otherwise build something yourself .
I think what Richard was referring to, is that you can try to use the "standard" authorization process from ASP.Net and put the authorization settings in the web.config file.
Here are some links where you can find more information about this:
Deny anonymous access
Hi,
Apologies if this has been covered but I wasn't able to find any answer to this in the current posts.
Can I deny anonymous access to a page (or collection of pages). E.g. a member profile page. If a member is not logged in and tries to visit that page I wnat them to be redirected to the login page and after login sent back to the original member-only page.
I realise that using the 'Public access' functionality in Umbraco I can restrict access for a set of Roles or a specific login, but it doesn't seem to allow for simply denying anonymous access altogether.
I could use a location element in web.config, but this isn't ideal and I think that I'd also require two entries for each page (one for with a '.aspx' extension and one without). And I also realise that I could check that the current user is authenticated in a page load event and redirect if necessary, but I was hoping to avoid having to do that explicity and just use the CMS.
So am I missing something and this can be achieved using the CMS?
Thanks, help is appreciated.
Hi,
You have to use the Public Access functionality indeed to restrict access. The good thing is that you can set public access on the root of your site so every page is protected in that way. Create a default role you want every member to have. Give the site access to that role and use the event system to assign the default role to the member when it is created.
Then you have disable anonymous access for the site.
Cheers,
Richard
Hi Richard,
Thanks for taking time to reply.
Sorry if i didn't descibe my scenario well enough.
I certainly do not want to deny public access across the entire site. I want to allow anonymous access to most of the site. I just want to restrict a small number of pages, e.g. member profile page.
I suppose I could create a generic role that all members are added to upon creation and allow access to protected pages for that role. But that would not be my ideal solution. It would be great if I could use the CMS to deny anonymous access to a page, perhaps that isn't possible. As I mentioned in my original post, another approach is that I could use a location element in web.cong to achieve the restriction. Again, it's not my preferred method.
Thanks.
Hi,
You cannot disable anonymous access out of the box in Umbraco so you should use the web.comfig opion (never tried that one on an Umbraco site not sure if it will work) and otherwise build something yourself .
Cheers,
Richard
Hi Bob,
If you have a specific template for your membership pages, you might just want to include the following line in the Load or Init event:
Alternatively, if you don't have a specific template, you can put this code into a macro and then include the macro whereever you need.
Hope this helps.
Cheers,
Michael.
Hi Richard
Can you please elaborate how I would do that? I am stuck there. Can you help??
thanks
Panna
Hi Panna,
I think what Richard was referring to, is that you can try to use the "standard" authorization process from ASP.Net and put the authorization settings in the web.config file.
Here are some links where you can find more information about this:
http://msdn.microsoft.com/en-us/library/8d82143t(vs.71).aspx
http://support.microsoft.com/kb/316871
Hope this helps.
Cheers,
Michael.
is working on a reply...