Configuring multiple login forms
In ASP.Net, I can configure multiple login forms by simply placing a Web.config in the appropriate directory structure and adding the <authentication mode="Forms" /> element underneath <system.web> to secure the appropriate content. In this manner, I can easily configure a base/default login form at the root of the website, while configuring a different login form for any subdirectories beneath the root.
However, since Sitefinity does not follow the standard ASP.Net model, how do I accomplish the same task in Sitefinity? For example, at the root of my website, I want to display a custom login form for end-users, while in the Administration directory, I want to display an Administrative Login Form for my administrative users. In the root of the website, I want to allow anonymous users to browse the website and only log into the site as needed for additional details, while anonymous users attempting to access the Administrative section should always be denied and redirected to the Administrative login screen.
Please advise.
Hi Samir Vaidya,
You can easily achieve this behaviour by using our Permissions module. Just go to Pages and find the page that you would like to deny access of anonymous users. Now click on Actions >> Permissions, Break Inheritance, click on Change for View permissions and deny Anonymous users. This way they will get a 403 error when trying to access the page. You can then set a CustomError to handle the 403 errors and redirect users to the login page.
For the other pages that you want users to optionally login, you can leave the permissions as they are right now and just place a login/logout widget on the page which will always make it possible for anonymous users to login whenever they want to.
Is there a better way to do this than simply having to trap the 403 Error message in the Web.config file?
Also, if I have to trap the 403 Error message in the Web.config, how do I distinguish between Administrative
403 error messages and 403 error messages in other sections of my site (such as a Reporting section)?
If that is the only way and no better method exists, what is the code that needs to be present in Web.config to handle the 403 error?
Hello Samir Vaidya,
This is the only way - catch the error for anonymous users and redirect them to the login area. Login will be further extended in our next releases, so you will have more control on it then. What you can do to catch the error is either add a custom error in the CustomErrors section of web.config or do this in Global.asax file:
protected void Application_Error(objectsender, EventArgs e)
var currentPage = HttpContext.Current.Request.Url.ToString();
Exception ex = Server.GetLastError();
if
(ex isHttpException)
HttpException httpEx = ex asHttpException;
if
(httpEx.Message ==
"You are not authorized to access this page"
)
Response.Redirect(
"~/loginPage?returnurl="
+ currentPage);
Server.ClearError();