Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Sean Valentine 11 posts 100 karma points
    Mar 05, 2014 @ 13:32
    Sean Valentine
    0

    Restricted web pages still being able to access

    Hi,

    I've moved from Dotnetnuke to Umbraco and i'm still learning about all of it's functions so i apologise if this is a simple answer.

    I've created a document type called Dashboard and that also has sub-document types (jobs, contact, reports, help etc.)

    After creating my templates and following the tutorials i have set up the website and restricted the Dashboard page to a Role Group called clients.

    Now, when i'm logged out and unauthenticated, if i were to hit the page www.mydomain.com/1152.aspx (where node 1152 is the dashboard page) it would redirect you to the appropriate login page. But if i attempt to hit www.mydomain.com/dashboard.aspx it won't and it will allow you to see the dashboard template.

    How do i secure the dashboard page from being accessed by dashboard.aspx? It also applies if i navigate to www.mydomain.com/jobs.aspx, in fact any of the dashboard sub-document types are accessible this way.

     

    Thanks

    Sean

  • Douglas Robar 3570 posts 4711 karma points MVP ∞ admin c-trib
    Mar 05, 2014 @ 13:37
    Douglas Robar
    0

    Hi, Sean, and welcome to the Umbraco community!

    Sounds as though you've probably got things set up correctly if direct access to the page ID (/1152.aspx) gives the correct behaviour. It's interesting that using the proper url for the page doesn't do that.

    Can I ask what version of Umbraco you're using?

    cheers,
    doug.

  • Sean Valentine 11 posts 100 karma points
    Mar 05, 2014 @ 14:41
    Sean Valentine
    0

    Hi Doug,

    It says i'm using version Umbraco v6.1.6 (Assembly version: 1.0.5021.24867)

    Thanks

     

    Sean

  • Douglas Robar 3570 posts 4711 karma points MVP ∞ admin c-trib
    Mar 05, 2014 @ 14:57
    Douglas Robar
    0

    Thanks, Sean, that's helpful.

    Well, it's always possible that the updated Membership API stuff has broken something. It's worth a double-check and then writing a bug report if it is truly broken.

    Hopefully someone can get to it right away. If not, I can give it a try tonight or tomorrow morning and let you know what I find out.

    To confirm, the problem is that you create a content page and set permissions on it so that only certain members can see the page. But when viewing the site anyone can see the page using it's url and are never prompted to login. Is that correct?

    cheers,
    doug.

  • Douglas Robar 3570 posts 4711 karma points MVP ∞ admin c-trib
    Mar 05, 2014 @ 22:02
    Douglas Robar
    100

    Hi, Sean,

    I just tested this in 6.1.5 and 6.1.6 and had no problem at all. Here's what I did for a test with an empty site...

     

    In the MEMBERS section:

    1. Create a new Member Type called 'Partner'
    2. Create a new Member Group called 'Partners'
    3. Create a new Member called 'Doug' and assign him to the 'Partners' group by selecting it in the listbox on the left and clicking the >> button to move it to the right hand list

     

     

    In the SETTINGS section:

    1. Create a 'Home page' document type, allow it at the root on the 'Structure' tab
    2. Create a 'Text page' document type, with a 'Body Text' property that is a richtext editor 
    3. On the Home page document type, allow Text pages to be created as children on the 'Structure' tab 
    4. Enter the following in the Text page template:
        @inherits Umbraco.Web.Mvc.UmbracoTemplatePage
      @{  
            Layout = null;  
        }
        @Umbraco.Field("bodyText")

     

     

    In the CONTENT section:

    1. Create 5 new pages on the site in the Content section:  

    CONTENT  
     - Welcome       <-- as a Home page document type  
    - - Test         <-- as a Text page document type  
    - - Protected    <-- as a Text page document type  
    - - Login        <-- as a Text page document type  
    - - Error        <-- as a Text page document type 
    1. On each page, type something like, 'I'm the Test page' and 'I'm the Login page', etc. so that each page is clearly identified.
    2. Save an publish each page.
    3. Right-click the 'Protected' page and select the 'Public Access' menu.
    In the PUBLIC ACCESS dialog box:
    You can either choose 'Single user protection' or 'Role based protection'. I tried them both and got the same response with each. Here's how I did the Role based protection...
    1. Select the Role based protection radio button and click the Select button
    2. Click the 'Partners' item in the left-hand listbox
    3. Click the '>>' button. Partners now moves to the right-hand box
    4. Choose the 'Login' and 'Error' pages
    5. Click the Update button
    That's it!
    Now visit the site. To be sure all is working properly, if you go to the /test.aspx page you will see 'I am the test page' (or whatever you typed into that page's richtext editor). 
    Now go to the /protected.aspx page and you should see 'I am the login page' (or whatever you typed) rather than 'I am the protected page'. This shows that the automatic protection system is working in Umbraco and will require a login before you can view the protected page's content.
    Try the above and let us know how you get on with it. 
    cheers,
    doug. 
Please Sign in or register to post replies

Write your reply to:

Draft