Now, when I try to access statistics folder at address mydomain/statistics, I am redirected to the login page but as soon as I log in (even if address looks like mydomain/umbraco/login.aspx?ReturnUrl=%2fstatistics), I land on back-end page.
Is it possible to be redirected to statistics subfolder? What's wrong here?
<location path="statistics"> <system.web> <authorization> <allow roles=" "/> //I am not able to figure out what is the role name: I tried Administrators, Users, umbracoUsers - no results <deny users="?"/> </authorization> </system.web> </location>
Ok, well the standard membership provider is using the "members" from umbraco. What you want is to get the "users".
I don't know if it is possible, but you need to set up your authorization to use the UsersMembershipProvider (umbraco.providers.UsersMembershipProvider) instead.
Is your statistics area based on your own custom code, or is it a 3rd party tool? (Can you make changes to the source?)
It is a 3rd party tool (aw-stat) provided with the server. It is an extra folder in the web root folder. I think that I will have to write some code to check who is logging, right ? Perhaps the best solution is to put statistic on a iframe located on a protected page. I will also check if I can find the script and modify it for this use.
directory protection from web.config
Hi there,
I have added a physical directory called "statistics" to an umbraco website.
I need to restrict access to this directory to an Umbraco user, so I was thinking to use the default login form (login.aspx).
I have added the directory to the <appSettings> so that umbracoReservedPath key now looks like this:
<add key="umbracoReservedPaths" value="/umbraco,/install/,/statistics/" />
I have also added this section after the first <system.web> tag:
<location path="statistics">
<system.web>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</location>
And since login.aspx was not found, I have modified
<authentication mode="Forms">
<forms name="yourAuthCookie" loginUrl="login.aspx" protection="All" path="/" />
</authentication>
to this
<authentication mode="Forms">
<forms name="yourAuthCookie" loginUrl="umbraco/login.aspx" protection="All" path="/" />
</authentication>
Now, when I try to access statistics folder at address mydomain/statistics, I am redirected to the login page but as soon as I log in (even if address looks like mydomain/umbraco/login.aspx?ReturnUrl=%2fstatistics), I land on back-end page.
Is it possible to be redirected to statistics subfolder? What's wrong here?
Thanks in advance for helping.
Eric
You probably need to create you own login page that uses the standard login controls from asp.net
Thank you Morten,
I have create a login page.
I have also modified
<location path="statistics">
<system.web>
<authorization>
<allow roles=" "/> //I am not able to figure out what is the role name: I tried Administrators, Users, umbracoUsers - no results
<deny users="?"/>
</authorization>
</system.web>
</location>
I think it is the membergroup that needs access.
Are you trying to allow members or users to see the content?
Only users that belong to administrator type! (I would like to grant access to users that are administrators).
Ok, well the standard membership provider is using the "members" from umbraco. What you want is to get the "users".
I don't know if it is possible, but you need to set up your authorization to use the UsersMembershipProvider (umbraco.providers.UsersMembershipProvider) instead.
Is your statistics area based on your own custom code, or is it a 3rd party tool? (Can you make changes to the source?)
It is a 3rd party tool (aw-stat) provided with the server. It is an extra folder in the web root folder. I think that I will have to write some code to check who is logging, right ? Perhaps the best solution is to put statistic on a iframe located on a protected page. I will also check if I can find the script and modify it for this use.
Did you find a solution for this problem? Since I'm facing similar difficulties.
Mirko
is working on a reply...