Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Eric 35 posts 55 karma points
    Apr 04, 2010 @ 11:58
    Eric
    0

    directory protection from web.config

    Hi there,

    I have added a physical directory called "statistics" to an umbraco website.

    I need to restrict access to this directory to an Umbraco user, so I was thinking to use the default login form (login.aspx).

    I have added the directory to the <appSettings> so that umbracoReservedPath key now looks like this:

    <add key="umbracoReservedPaths" value="/umbraco,/install/,/statistics/" />

    I have also added this section after the first <system.web> tag:

    <location path="statistics">
                    <system.web>
                        <authorization>
                            <deny users="?"/>
                        </authorization>
                    </system.web>
                </location>

    And since login.aspx was not found, I have modified

    <authentication mode="Forms">
          <forms name="yourAuthCookie" loginUrl="login.aspx" protection="All" path="/" />
        </authentication>

    to this

    <authentication mode="Forms">
          <forms name="yourAuthCookie" loginUrl="umbraco/login.aspx" protection="All" path="/" />
        </authentication>

    Now, when I try to access statistics folder at address mydomain/statistics, I am redirected to the login page but as soon as I log in (even if address looks like mydomain/umbraco/login.aspx?ReturnUrl=%2fstatistics), I land on back-end page.

    Is it possible to be redirected to statistics subfolder? What's wrong here?

    Thanks in advance for helping.

    Eric

  • Morten Bock 1867 posts 2140 karma points MVP 2x admin c-trib
    Apr 04, 2010 @ 13:06
    Morten Bock
    0

    You probably need to create you own login page that uses the standard login controls from asp.net

  • Eric 35 posts 55 karma points
    Apr 04, 2010 @ 13:56
    Eric
    0

    Thank you Morten,

    I have create a login page.

    I have also modified

    <location path="statistics">
                    <system.web>
                        <authorization>
                            <allow roles=" "/> //I am not able to figure out what is the role name: I tried Administrators, Users, umbracoUsers - no results
                            <deny users="?"/>
                        </authorization>
                    </system.web>
                </location>

  • Morten Bock 1867 posts 2140 karma points MVP 2x admin c-trib
    Apr 04, 2010 @ 17:52
    Morten Bock
    0

    I think it is the membergroup that needs access.

    Are you trying to allow members or users to see the content?

  • Eric 35 posts 55 karma points
    Apr 04, 2010 @ 21:13
    Eric
    0

    Only users that belong to administrator type! (I would like to grant access to users that are administrators).

  • Morten Bock 1867 posts 2140 karma points MVP 2x admin c-trib
    Apr 05, 2010 @ 00:20
    Morten Bock
    0

    Ok, well the standard membership provider is using the "members" from umbraco. What you want is to get the "users".

    I don't know if it is possible, but you need to set up your authorization to use the UsersMembershipProvider (umbraco.providers.UsersMembershipProvider) instead.

    Is your statistics area based on your own custom code, or is it a 3rd party tool? (Can you make changes to the source?)

  • Eric 35 posts 55 karma points
    Apr 05, 2010 @ 19:25
    Eric
    0

    It is a 3rd party tool (aw-stat) provided with the server. It is an extra folder in the web root folder. I think that I will have to write some code to check who is logging, right ? Perhaps the best solution is to put statistic on a iframe located on a protected page. I will also check if I can find the script and modify it for this use.

  • mmaty 99 posts 228 karma points
    Sep 09, 2016 @ 13:33
    mmaty
    0

    Did you find a solution for this problem? Since I'm facing similar difficulties.

    Mirko

Please Sign in or register to post replies

Write your reply to:

Draft