Log-in page redirection for user without permissions
Hi,
I just downloaded the Sitefinity 4.1 SP1 and I was trying to see how permissions work. If an anonymous user tries to access a page with permissions granted only to certain group of users, the following message appears on screen. How can I make log-in screen appear there instead?
Server Error in '/4_1_SP1_Test' Application.
This type of page is not served.
Description: The type of page you have requested is
not served because it has been explicitly forbidden. Please review
the URL below and make sure that it is spelled correctly.
Requested URL: /4_1_SP1_Test/resources
Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.0.30319.1
Hello Sachin,
This behavior is by design - if a user does not have view rights over a page he/she will normally be presented with 403 Forbidden error. What you can do is to set up the customErrors element in you web.config to automatically redirect you to the login screen when a user who lacks the proper permissions is trying to access a certain page. Please refer to the sample below:
<customErrors mode="On"> <error statusCode="403" redirect="~/Sitefinity/Login" /></customErrors>Hi Boyan,
Thanks for this, how would you change the login page for different parts of the site, in standard asp.net you could place a different web.config file in the folders of the site and specify a new 403 element, how can this be achieved in 4.1?
Anthony
Hi Anthony,
Can you, please, give me an example of the exact use case scenario where you want this functionality implemented so I can give you a better advice? If you want to have this only for anonymous users, you might simply use the sample user control I've attached to this reply, which can be dropped on any page and redirects anonymous users to the redirect page specified in the contorl, allowing you to set up different login pages for each page you have the control on. Please let me know if the functionality you demand is different.
Kind regards,
Boyan Barnev
the Telerik team
Hi Boyan,
Yes your attached control would give the solution but wouldn't integrate all of Sitefinity roles/permissions power.
Basically i was looking for something similar to the following
Section 1
-- Home (Template A)
-- restricted page (Template A) --> section 1 login (Template A)
Section 2
-- Home (Template B)
-- restricted page (Template B) --> section 2 login (Template B)
Both of these logins use the same logic/control but are just in different areas of the site so may use a different template
Hello Anthony,
I saw that coming :) In that case, you can utilize the built-in Sitefinity logic which handles roles/permissions and use customErrors to chatch the 403 and redirect to one page always. Then on that page you can simply implement some logic that checks where the redirect is coming from (e.g. HttpContext.Current.Request.Url.ToString().Contains("SectionName") ) and redirect the user accordingly to the desired section login page.
Greetings,
Boyan Barnev
the Telerik team
Hi Boyan,
Yes that would be a better solution, what is your preferred method to 'implement some logic',
i know you could just create a user control and drop that on but what about using the code behind method recently introduced in 4.1, i haven't see any implementation examples of this, is this a better solution that dropping a control on, could you provide a small code behind example as i havent seen it done before?
Cheers
Anthony
Hi Boyan,
Thanks for the reply. I was actually referring the front-end access of the website when I said 'log-in screen for users'. I should have made it clear. I have a log-in page with a Sitefinity log-in control in it. I added this page to the redirect of 403 error in the web.config. It's fine until here but the log-in page doesn't redirect them to the page they initially seeking for. I searched Sitefinity website for this and found out the 'aspxerrorpath' handling will be taken care of in Q2. Until then, is there any work around for that? Users with permissions for that page should get redirected to page they were trying to access and ones with don't should get message mentioning that they don't have enough permissions to view the page.
Hi,
@Sachin: It's possible to configure this in an application-wide settings class, i.e. Global.asax, where you could say:
protected void Application_Error(object sender, EventArgs e) var currentPage = HttpContext.Current.Request.Url.ToString(); //.Split('/').Last(); Exception ex = Server.GetLastError(); if (ex is HttpException) HttpException httpEx = ex as HttpException; if (httpEx.Message == "You are not authorized to access this page") Response.Redirect("~/Test?returnurl=" + currentPage); Server.ClearError(); See next post.
In version 5.0.2080 the error code I get when page is protected is -2147467259 (file does not exist).
Permissions set on the pages in question allow access only to "authenticated" users.
This puzzling error is obviously produced by Sitefinity, which considers the page as non-existent once it does not have permissions to display it.
Setting global.asax to redirect to the log-in page, sends visitors to the log-in page also when page really does not exist.
Hope this will be fixed in version 5.1.