Redirect to login page for password protected site?
For pages under "Permissions for all pages", I have set "View pages" to "Administrators only" (screenshots page_sec.png and page_perm.png). I am using the latest 4.1 SP2 that was released today.
When I hit the site as an anonymous user, I get the default "Thank you for visiting..." display. Furthermore, when I hit a page directly, I get the error "This type of page is not served." (screenshots anon_site.png and anon_page.png).
How do I redirect the anonymous user to a login page instead?
Hi Basem,
When you type your site's domain the system looks up the homepage and in your case it's not returned (because permissions omit it from the query), so it assumes there is no homepage - that's why the default "Under construction" message appears on the screen. However, when the user tries to get the page explicitly, the permissions are checked and error code 403 Forbidden is thrown. This behavior is by design - you can easily handle the error in the customErrors element in you web.config to automatically redirect you to the login screen when a user who lacks the proper permissions is trying to access a certain page. Please refer to the sample below:
<
customErrors
mode
=
"On"
>
<
error
statusCode
=
"403"
redirect
=
"~/Sitefinity/Login"
/>
</
customErrors
>
protected
void
Application_Error(
object
sender, EventArgs e)
var currentPage = HttpContext.Current.Request.Url.ToString();
//.Split('/').Last();
Exception ex = Server.GetLastError();
if
(ex
is
HttpException)
HttpException httpEx = ex
as
HttpException;
if
(httpEx.Message ==
"You are not authorized to access this page"
)
Response.Redirect(
"~/Test?returnurl="
+ currentPage);
Server.ClearError();
Thanks Boyan, but how do I correct the home page problem? For a password protected site, I would like unauthenticated users to be redirected to the login page, but authenticated users to be redirected to the home page when visitors hit "http://mysite.com".
There is also a major issue when hitting a password protected page and being redirected to the login (based on <customError.. config). After the user logs in, they are not redirect to the page they initially requested. So the login page just refreshes as the logged in user which doesn't make sense.
Hi Basem,
I fully agree with you, that's exactly what you can achieve if you use the second code sample I have provided (please note that I'm passing the current page that redirected the user to the login page as a parameter to ?retururl which will cause the login widget to redirect you to the initial page once successfully authenticated). As per the homepage, yes you are right indeed this might be causing some inconvenience, however it's the domain redirect that's not working properly, not the homepage itself, because if you access it directly it will return 403 as desired. Please take a look at the sample user control I'm attaching to this reply, you can customize it according to your purposes and place it on any page, it's main functionality is to redirect unauthenticated users to a specified page.
Best wishes,
Boyan Barnev
the Telerik team
If you have your page with view permission set to authenticated users, you are going to have the 403 error before the control Load method is invoke. Is this control intended to work with a page with view permission for everyone?.
I tried to set the application_error in the global.asax to handle this situation but when my site is on SSL I'm getting "To many redirects" kind of errors.
I found out this type of errors is common when redirecting in a multi-lingual sites.
When you redirect to ~/ErrorPage.aspx the application will try to redirect it again to ~/en/ErrorPage.aspx (or any other language of your choice).
We simply set
<
customErrors
defaultRedirect
=
"~/en/ErrorPage.aspx"
mode
=
"On"
>
Hi
Where the code stats a ReturnUrl do i need to code for that paramater myself or will the login widget on the custom login page pick this up and redirect?
Its just that I cant see a property of this name in the login widget that suggest it picks it up.
At present I have implemented the example on my page however once I have logged in it stays on the same login page I created.
I need to write it like this as opposed to hardcoding the path as users view the data anonymously but then when they want further information they must log in and the guid of that record is passed, like so http://localhost:xxx/Login?ReturnUrl=http://localhost:xxx/more-information?id=d545a699-9999-9999-94fe-07f727ea91ec.
If I do have to code the for the ReturnUrl parameter myself where would I do that given I would have to create some code behind in a Sitefinity page?
Many thanks
Have you looked into "DestinationPageUrl" under Behavior?
Other than that, the widget (and LoginControl for backward compatiblity) should redirect by default to the reffering URL.
Hi Chanan
Thanks for your reply. Given that the destination url is going to be different everytime because of the GUID paramter how I would I set the DestinationPageUrl?
An idea could be to create a Web User Control, inherited from the Login Control and on the Load event of the control check the Page QueryString and set the DestinationPageUrl at runtime?
I will also check the LoginControl for backward compatibility to see if this acts differently.
Cheers
Well, we use a login control, Sitefinity 5.0.2080, setting the DestinationPageUrl to the site's home page. This parameter comes into play only when no referral url exists (user calls the Login page directly, rather than being redirected to it from a protected page). If a user is being redirected to the Login page from a protected page, then he/she will be returned to that page after having completed log-in, regardless of what the value of the DestinationPageUrl parameter is.
This is the way it works on our site.