Telerik approved strategy for implementing a secure site

Hey,

I have scoured the forums and most of the documentation and cannot find a definitive answer or "best practice" for implementing a secure login based site.

First, I started with making a "Login" page (everyone has permissions to see it), a Page Group called "Members" (allowing authenticated users only), and a nested "Home" page inheriting permissions from its parent "Members" page group. 

I added the following to the <authentication /> element in the web.config:

<forms loginUrl="~/login" timeout="20" requireSSL="false" defaultUrl="~/Members/" />

When I attempt to access the path "/Members/Home" I get the following error:

You are not authorized to 'View a page' ('Pages').

This is definitely not the functionality I was expecting.  I was expecting a redirect to the /Login page.  So I looked for an answer in the forums and came across the following solution:www.sitefinity.com/.../sitefinity-4-0-forms-authentication.aspx.  This is far from ideal when building a website as errors need to be seen.

My root question is, what is the Telerik recommended way to accomplish basic user authentication in SF 4.1?

Hi Andrew,

The <forms> setting never works - you always get redirected to ~/Login, regardless to what is the specified loginUrl. There is a config section  Sitefinity >> Administration >> Settings >> Advanced >> Security >> Permissions >> Backend you can change the url in LoginUrl and AjaxLoginUrl boxes.  That should allow you to change the backend login. This feature (of handling the aspxerrorpath in the error pages) is not implemented at this time. We logged a task  pending to be implemented on Q2.

Regards,
Ivan Dimitrov
the Telerik team