Querying restricted page when not logged in
I need to retrieve the URLs for some pages that are restricted to authorised users. However, I wish to do this in a widget that is displayed on pages that can be accessed by anonymous users, the idea being that the URL redirects to the login page with the correct ReturnUrl parameter in the query string.
When trying to query pages in this way using PageManager.GetManager().GetPageNode I get the following error:
You are not authorized to 'View this page and its child pages' ('Pages').
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.UnauthorizedAccessException: You are not authorized to 'View this page and its child pages' ('Pages').
ASP.NET is not authorized to access the requested resource. Consider granting access rights to the resource to the ASP.NET request identity. ASP.NET has a base process identity (typically MACHINE\ASPNET on IIS 5 or Network Service on IIS 6 and IIS 7, and the configured application pool identity on IIS 7.5) that is used if the application is not impersonating. If the application is impersonating via <
identity
impersonate
=
"true"
/>, the identity will be the anonymous user (typically IUSR_MACHINENAME) or the authenticated request user.
To grant ASP.NET access to a file, right-click the file in File Explorer, choose "Properties" and select the Security tab. Click "Add" to add the appropriate user or group. Highlight the ASP.NET account, and check the boxes for the desired access.
Is there any other way to query restricted pages when not logged in? I can understand that an anonymous user should not be able to reach a restricted page, but not being able to query it in the controller code seems to be quite limiting.
Hi Haroon,
You can try to suppress the security check before your code and set it back once it is called like:
PageManager manager = PageManager.GetManager();
manager.Provider.SuppressSecurityChecks =
true
;
// your code goes here
manager.Provider.SuppressSecurityChecks =
false
;