PDF Macro still executes even if user isn't authenticated
Hopefully I am missing something obvious, but using the code below the PDF is being generated whether the user is logged in or not. Shouldn't the macro only generate the PDF if the user is logged in? Thanks in advance for your help.
Thanks Darren for the quick response. There's no way to protect it because I'm calling the macro on an AltTemplate that generates the PDF. I added the if statement to prevent users who aren't logged in from generating the PDF by calling the AltTemplate. But, unfortunately Umbraco calls the macro and renders the PDF whether th user is logged in or not.
Yes, because you can call an altTemplate from any page or from the root of the site. AltTemplates aren't tied to a specific page that can be protected, and the root of the site can't be protected since it is a public site.
Will do. Thanks for the feedback. I still need to figure out why the macro is getting called even though it is enclosed in the if statement that checks for a user being logged in. If I replace the macro call with text the text doesn't get rendered (which is what you'd expect). Put the macro call back in and the macro gets rendered.
Thanks again for your quick repsonses and insight.
I'm guessing that because my code interferes with request headers and writes directly to the response - As i mentioned. I'd add an umbraco.library:HasAccess to your XSLT and not output any FO if it fails.
PDF Macro still executes even if user isn't authenticated
Hopefully I am missing something obvious, but using the code below the PDF is being generated whether the user is logged in or not. Shouldn't the macro only generate the PDF if the user is logged in? Thanks in advance for your help.
<asp:Content ContentPlaceHolderID="ContentPlaceHolderDefault" runat="server">
<% if (HttpContext.Current.User.Identity.IsAuthenticated) {%>
<umbraco:Macro xsl="PDFMemberCoupons.xslt" Alias="PDFXSLFO" runat="server"></umbraco:Macro>
<%}%>
</asp:Content>
I'm not sure why you wouldn't just protect the content node using the standard umbraco mechanism - e.g. right click and then choose public access?
It is hard to give you a full answer without a more detailed description of what you are trying to achieve.
Thanks Darren for the quick response. There's no way to protect it because I'm calling the macro on an AltTemplate that generates the PDF. I added the if statement to prevent users who aren't logged in from generating the PDF by calling the AltTemplate. But, unfortunately Umbraco calls the macro and renders the PDF whether th user is logged in or not.
How do you mean "no way to protect it"? I'm not with you. Does Umbraco ignore protection when you use an alt template?
Yes, because you can call an altTemplate from any page or from the root of the site. AltTemplates aren't tied to a specific page that can be protected, and the root of the site can't be protected since it is a public site.
If your XSLT looks at child nodes then I guess you'd use umbraco.library:HasAccess to determine whether to render output.
Does seem like an issue that Umbraco will happily render protected nodes with an altTemplate though - I never new that before.
I guess this is an issue with Umbraco rather than my package so would advise that you post it in a more general forum to get a wider response.
Thanks.
Will do. Thanks for the feedback. I still need to figure out why the macro is getting called even though it is enclosed in the if statement that checks for a user being logged in. If I replace the macro call with text the text doesn't get rendered (which is what you'd expect). Put the macro call back in and the macro gets rendered.
Thanks again for your quick repsonses and insight.
I'm guessing that because my code interferes with request headers and writes directly to the response - As i mentioned. I'd add an umbraco.library:HasAccess to your XSLT and not output any FO if it fails.
Adding the ckeck in XSLT worked perfectly. Thanks for all of the help.
is working on a reply...