
    Password protect a custom section

    Marc Love started this topic More than a year ago, this topic was edited at: Tuesday, October 04, 2011 11:47 AM

    I have created a new custom section in umbraco and have located the files used for this section within the umbraco plugins folder. How do I password protect pages in this folder so that they are not directly accessible by entering the URL to the custom section directly into the address bar?

    ie: www.testwebsite.com/.../films.aspx

    Cheers,

    Marc


  • Replies

  • Nik Wahlberg posted this reply More than a year ago

    You should set the 'Public Access' on the node/sub-nodes using the right-click menu. You'll have the option here to select Role based protection (only if you have set up your user types and groups in the User section). Then, all you'll need is to drop in a user control with a .Net asp:Login form on it and you'll be good to go.

    Let us know if you need specific examples or take the forum search for a spin :) 

    Cheers,
    Nik


  • Marc Love posted this reply More than a year ago

     

    Hi Nik,

    I'm not sure if you know what I mean. I have added a new custom section that is accessed via the Umbraco admin interface. This is password protected as far as umbraco is concerned as I can control what users that are logged into umbraco are allowed access to my new section.

    The problem I have is that if someone knows the URL to my custom section which lives at:

    /umbraco/plugins/management/films/films.aspx

    They can access this section without going through the umbraco login.

    What I need to do is throw users back to the umbraco login page if they access this page directly. I tried adding the following to web.config but this resulted in the login page for my members login appearing in the left hand frame of the umbraco cms interface.

      <location path="umbraco/plugins/management">
        <system.web>
          <authorization>
            <deny users="?"/>
          </authorization>
        </system.web>
      </location>

     

     


  • Marc Love posted this reply More than a year ago

    Sorry that was meant to say 'right hand frame'

    doh


  • Nik Wahlberg posted this reply More than a year ago

    Ah, sorry, I definitely misunderstood your issue. I don't know the answer to that. In fact, I have the same issue with one of my sites, and didn't even realize it!! Thanks for bringing it up. 

    This is an issue. Anyone got a solution?

    Cheers,
    Nik


  • Paul Sterling posted this reply More than a year ago

    Hey all -

    There was a previous post on this same topic, but I cannot locate it.  At any rate, one solution is to handle the AuthorizeRequest event with a custom handler that maps to Umbraco members.  Here is the code we use for that:

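    // add this snippet to web.config to hook up the httpModule
    // (the type attribute must name the class, not only its namespace;
    //  append ", AssemblyName" if the class is compiled into its own assembly)
    //  <httpModules>
    //  <add name="AuthorizeEventHandler"
    //     type="MotusConnect.HttpModule.AuthorizeEventHandler" />
    //  </httpModules>

    using System;
    using System.Web;
    using System.Web.Security;

    namespace MotusConnect.HttpModule
    {
        public class AuthorizeEventHandler : IHttpModule
        {
            public AuthorizeEventHandler() { }

            public void Dispose() { }

            public void Init(HttpApplication context)
            {
                context.AuthorizeRequest += new EventHandler(context_AuthorizeRequest);
            }

            private void context_AuthorizeRequest(object sender, EventArgs e)
            {
                // check roles here and allow access or redirect
                HttpApplication app = (HttpApplication)sender;
                HttpContext context = app.Context;

                // forms authentication sets SkipAuthorization for the login page
                // itself; without this check the redirects below would loop
                if (context.SkipAuthorization)
                {
                    return;
                }

                // an anonymous user has an empty (not null) Identity.Name,
                // so test IsAuthenticated instead
                if (context.User == null || !context.User.Identity.IsAuthenticated)
                {
                    // redirect to login
                    context.Response.Redirect(FormsAuthentication.LoginUrl);
                    return;
                }

                // get required role for current page, if there is one
                bool allowed = false;

                // SiteMap.CurrentNode is null for pages that are not in the
                // site map; those are denied here instead of throwing
                SiteMapNode node = SiteMap.CurrentNode;
                if (node != null)
                {
                    foreach (string role in node.Roles)
                    {
                        if (context.User.IsInRole(role))
                        {
                            // ye shall pass if you are the right role
                            allowed = true;
                            break;
                        }
                    }
                }

                // or not if you don't have the right role, no page for you
                if (!allowed)
                {
                    // redirect to login
                    context.Response.Redirect(FormsAuthentication.LoginUrl);
                    return;
                }

                // you're in!
            }
        }
    }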

  • Nik Wahlberg posted this reply More than a year ago

    Sweet! Thanks Paul. This will come in handy. Super!

    -- Nik


  • Jan Skovgaard posted this reply More than a year ago

    Yes, super cool Paul :-)

    Maybe this should be posted in the WIKI as well?

    /Jan


  • Paul Sterling posted this reply More than a year ago

    Feel free to post in the Wiki and collect the Karma points!

    -Paul


  • Benjamin Howarth posted this reply More than a year ago

    Wiki entries don't get karma cause they can have multiple editors :-) however feel free to share the love on the wiki nevertheless. I'll be using it for sure!

    Benjamin


  • Paul Sterling posted this reply More than a year ago

    Karma points or not we all think highly of folks who created helpful Wiki entries!

    -Paul

