Configuring multiple login forms - Sitefinity - Front- & Back-End Development

All Replies

Posted by Community Admin on 25-Nov-2011 00:00

In ASP.Net, I can configure multiple login forms by simply placing a Web.config in the appropriate directory structure and adding the <authentication mode="Forms" /> element underneath <system.web> to secure the appropriate content. In this manner, I can easily configure a base/default login form at the root of the website, while configuring a different login form for any subdirectories beneath the root.

However, since Sitefinity does not follow the standard ASP.Net model, how do I accomplish the same task in Sitefinity? For example, at the root of my website, I want to display a custom login form for end-users, while in the Administration directory, I want to display an Administrative Login Form for my administrative users. In the root of the website, I want to allow anonymous users to browse the website and only log into the site as needed for additional details, while anonymous users attempting to access the Administrative section should always be denied and redirected to the Administrative login screen.

Please advise.

Posted by Community Admin on 30-Nov-2011 00:00

Hi Samir Vaidya,

You can easily achieve this behaviour by using our Permissions module. Just go to Pages and find the page that you would like to deny access of anonymous users. Now click on Actions >> Permissions, Break Inheritance, click on Change for View permissions and deny Anonymous users. This way they will get a 403 error when trying to access the page. You can then set a CustomError to handle the 403 errors and redirect users to the login page.
For the other pages that you want users to optionally login, you can leave the permissions as they are right now and just place a login/logout widget on the page which will always make it possible for anonymous users to login whenever they want to.

Kind regards,
Svetoslav Petsov
the Telerik team

Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items

Posted by Community Admin on 30-Nov-2011 00:00

Is there a better way to do this than simply having to trap the 403 Error message in the Web.config file?

Also, if I have to trap the 403 Error message in the Web.config, how do I distinguish between Administrative
403 error messages and 403 error messages in other sections of my site (such as a Reporting section)?

If that is the only way and no better method exists, what is the code that needs to be present in Web.config to handle the 403 error?

Posted by Community Admin on 05-Dec-2011 00:00

Hello Samir Vaidya,

This is the only way - catch the error for anonymous users and redirect them to the login area. Login will be further extended in our next releases, so you will have more control on it then. What you can do to catch the error is either add a custom error in the CustomErrors section of web.config or do this in Global.asax file:

protected void Application_Error(objectsender, EventArgs e)

var currentPage = HttpContext.Current.Request.Url.ToString();

Exception ex = Server.GetLastError();

if(ex isHttpException)

HttpException httpEx = ex asHttpException;

if(httpEx.Message == "You are not authorized to access this page")

Response.Redirect("~/loginPage?returnurl="+ currentPage);

Server.ClearError();

This will not only redirect you on 403 but will also redirect you back to the page that was requested after login.

Kind regards,
Svetoslav Petsov
the Telerik team

This thread is closed