Loading ...Hey guys,
if you are trying to restrict special sites for the extranet\anonymous user, so only authenticated users (doesn’t matter if it’s a virtual user or a real user account) can view that content.
You can restrict the read right for the anonymous user and add an (undocumentated - the reason I write about it 
) attribute to your site in the web.config. The default one will be website I think.
loginPage=“/sitecore/content/home/Registration/Login.aspx“
It can also be a sitecore Item and you refer to the virtual path. So after Sitecore sees that the user is not autenticated, it redirects the user to your login page. Unfortunately it passes own query string parameters, and none of them is “returnUrl”. In my case I hooked into the httpRequest pipeline right before the ExecuteRequest processor and created my own SecurityResolver.
[updated]
public class SecurityResolver : HttpRequestProcessor { public override void Process(HttpRequestArgs args) { // Get the site context // [CW] SiteContext site = Sitecore.Context.Site; // Check if the current user has sufficient rights to enter this page // [CW] if (SiteManager.CanEnter(site.Name, Sitecore.Context.User)) { string prefix = args.StartPath; if(args.LocalPath.Contains("/sitecore/content/home")) prefix = String.Empty; if (Sitecore.Context.Database != null) { Database contextDatabase = Sitecore.Context.Database; Item contextItem = null; // Get the item using securityDisabler for restricted items // [CW] using (new SecurityDisabler()) { contextItem = contextDatabase.SelectSingleItem(String.Concat(prefix, args.LocalPath)); } // Check if a loginPage is given // (Should be for this website) // [CW] if ((contextItem != null) && (contextItem.Access.CanRead() == false) && (site != null) && (site.LoginPage.Length > 0)) { // Redirect the user // [CW] WebUtil.Redirect(String.Format("{0}?returnUrl={1}", site.LoginPage, HttpContext.Current.Server.HtmlEncode(HttpContext.Current.Request.RawUrl))); } } } } }
Hope it’s helpful for you - You may also post questions or interests. I’m looking forward to develop a sitecore client application with xaml, and can manage to documentate the steps I do.
cheers chris
‹ go back // go to overview
Hi Chris,
I am trying to implement a similar approach for my organization’s website. The only difference is that I am using it to redirect to SSL pages.
My problem is that the web.config is not picking up my code for the SecurityResolver. Probably because I haven’t added the reference in the bin. Just wondering where you put this code within your sitecore web folder.
Thanks,
Bo
Hey,
do you already have a c# project for your sitecore solution? If yes you should create a .cs file and compile it to a dll to place this in your bin folder.
Else you can create a class library and compile this to place it in your bin folder.
You got a couple of approaches how to place this in your code.
cheers chris
Yea I got it working via the latter approach.
This blog definitely helped though. Thanks alot
No worries …. If I can help you again, just send me a message or anything else
cheers chris
Hello Chris,
Thanks for the tips. I have done the same thing. But still it is showing the default page.
And I have added the attribute loginPage=“/sitecore/content/home/Registration/Login.aspx“ to
“default page” ? Which page do you see?
Because:
- If you want to change the login page for the ‘website’ there is no default page for the login, the use should see “you are not allowed […]”
- If you want to change the login for the ’sitecore client’ - we may be have to do more work than mentioned above.
best
Hello Chris,
I am seeing the Homepage which I have set in Sitecore.
I am having some confusions regarding the approach for Login as I am just starting with Sitecore.
My requirement :
- Create a private web site which should be accessed only by authenticated users.
- Restrict some of the user from accessing some sections depending up on the role
Quesions:
Which is the right/best way to achieve this?
Where to start with?
Is it required that Login page should be in Sitecore(DataItem-Layout-Sublayout procedure)? or can I just start with a default page which is not in sitecore?
If so how it is to be done? In future User can be external sources too? How to handle this scenario(integrating external user with Sitecore Security/permission/Role?
I just need to introduce login for the Published website and have to do branding depending up on the logged in user.
If you can provide some inputs on how to achieve this, it will be of great help.
Thanks,
Raj
Hey Raj,
sorry for the delay. I’m quite busy at the moment.
- Create a tree where you set “deny for anonymous” user in the security editor
- Create a login page and add this to your website settings in the web.config
- It doesn’t need to be a Sitecore item. You can also create a normal .net web form where you redirect to.
- Set security permissions based on roles for your tree by denying read access for all and allow read access for the groups you want to have there.
- If you need to integrate external datasources there is a buzz-word: “virtual uers”. With that user you do not need to create a real user account in sitecore. You get the external user, test the user credentials and if everything is correct you create a virtual user, log him in and give him a role for the external datasource (then you are able to set permissions within sitecore for all external users)… you can also create multiple user groups for various external user.
- Your domain is the extranet.
If you need more help, write me a mail and we can talk about.
best chris
Hi Chris,
Thanks for the inputs and time. It is very valuable. From where can I have your email Id.
Please let me know. I need more details, so that I can ensure that I am doing everything
in the right way.
Thanks Again,
Raj
Hello,
Thank you for this article, it is very interesting. I tried to compile the code and I get this error:
Error 1 The type or namespace name ‘HttpRequestProcessor’ could not be found (are you missing a using directive or an assembly reference?)
Currently I have the following:
using System.Text;
using Sitecore;
using Sitecore.Diagnostics;
using Sitecore.Pipelines.HttpRequest;
using Sitecore.Web;
using System.Web.Routing;
using System.Web;
I have been looking for the missing using directive or assembly reference but I don’t find the right one. I work with Sitecore 5.3.1.
Could someone help me?
Thank you.
Hey Leo,
have you tried to use the namespace in the code? Like
Sitecore.Pipelines.HttpRequest.HttpRequestProcessor req = new ….
hope that helps. best