Login required on specific pages?

Posted by Community Admin on 04-Aug-2018 15:11

Login required on specific pages?

Sitefinity - Front- & Back-End Development

All Replies

Posted by Community Admin on 25-Sep-2013 00:00

Hello,

I'm a .net developer new to Sitefinity. I have a client asking for an update to their Sitefinity 5.2 site. They are wanting some of their content pages to require a login. Anyone can register, and upon registering for a user account, an email should be sent to an administrator to approve / deny the registration.

Looking around the documentation and Sitefinity back-end app, I see that I can create users and roles. I'm wanting to make sure that these users are only able to access the live site / content, and that these are not creating users that can log into the back-end CMS app. I'm not finding a lot in the documentation to handle approval of registration, but I'm probably just not looking in the right places.

I'm sure this has been done before, but I haven't found anything in the forums that really mentions it. Can someone point me in the right direction for what I'm needing to look for in the documentation, or can advise me in how I would build functionality like this in Sitefinity 5.2?

Thanks!

Posted by Community Admin on 27-Sep-2013 00:00

I have not done exactly what you are asking but I have done some of the parts that you require.

1) To require login on specific pages, you may have to alter your permissions hierarchy for said pages.  To do this you must open the permissions option for that page on the "Pages" backend screen.  Then you can break the inheritance and change which user roles can view the page and its children.

2) To prevent users from logging into the backend of sitefinity, you must verify that these user's are not getting the "This user can access site backend" checkbox marked.  It would also be good to use an already provided role or create your own role to make sure that these users cannot login to the backend.

3) If your client is like my client, they probably want to use their own brand login page rather than Sitefinity's login page.  You can do this by creating your own login page in Sitefinity and put a login control on the page.  Then you can add a custom error definition in your web.config that will redirect all 403 errors to your newly created login page.

I am more of control freak so I put my 403 error handling in the global.asax of my site using the following code.  I use the application error section to handle 404's, 403's, and 500 errors.  I am sure others may have easier or better ways though.  But I hope this helps!

protected void Application_Error(object sender, EventArgs e)
        
           var currentPage = Context.Request.Url.PathAndQuery;
            Exception ex = Server.GetLastError();
            if (ex is HttpException)
            
                HttpException httpEx = ex as HttpException;
 
                if (httpEx.GetHttpCode() == 403)
                
                    Server.ClearError();
                    Context.Response.Redirect("~/login?ReturnUrl=" +  currentPage);
                
 
                else if (httpEx.GetHttpCode() == 404)
                
                    Context.Response.Redirect("~/Handlers/ErrorHandler.ashx");
                
 
                else if (httpEx.GetHttpCode() == 500)
                
                   Server.ClearError();
                   Context.Response.Redirect("~/maintenance.html");
                     
                
            
            else
            
                log.Fatal("An uncaught exception occurred", this.Server.GetLastError());
            
        

Posted by Community Admin on 30-Sep-2013 00:00

Hi guys,

By default Sitefinity would not send email to the admin when a user registers through the Registration widget. You will need to create a custom Registration control in order to achieve this. You can inherit from our RegistrationForm class and override the SendRegistrationConfirmationEmail method to plug in your logic to send email to administrator as well. If you are not using confirmation emails functionality you can also override the RegisterButton_Click event.

Additionally the built in roles Users, Customers and Moderators are not backend users by default, so you can also use them when setting up the role which will be assigned from the Registration widget

Regards,
Pavel Benov
Telerik
Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items

Posted by Community Admin on 02-Oct-2013 00:00

Thank you guys for the help! I didn't realize that users didn't automatically get assigned to the back-end. Brett, yes, my client is like yours and wants their own custom login / registration widget. I'll be building it as a partial which will pop up in a modal window if the user is not logged in, or does not have permission to view the page. I think I'm going to go with your idea of handling the server errors in the global.asax. And thank you Pavel, I'll go ahead and mod the registration widget; thanks for the documentation link.

My client has added a bit to the scope; only certain users can be authenticated to certain pages... So if there are 2 pages, and 3 users, the permissions would be similar to this:

(format is "Page" : "Users")
Page 1 : User 1, User 3
Page 2 : User 2, User 3

I'm thinking I'll try to modify the user editing page to allow the client to select which pages each user is allowed to view. Or perhaps it would be easier to create roles for each page they create to assign users to pages. I'll come back and report which I used in case someone else wants to build something similar.

This thread is closed