|
|
Member
|
james-oakwood-dc
-
5/27/2010 10:18:16 AM
Whole site behind login page
I have a requirement to put an entire Kentico site behind a login page. From my initial investigations it looks to me like I have two options.
1. Restyle the ~/cmspages/logon.aspx page.
2. Create my root page as a login page. Set all child pages access level to "Requires authentication". When a user logs in via the root page, I authenticate them using the CMS.SiteProvider.UserInfoProvider.AuthenticateUser() method.
Both of these don't feel like "the right way" to achieve this. Has anyone done any thing like this with Kentico?
|
|
|
|
Kentico Support
|
kentico_jurajo
-
5/27/2010 1:30:32 PM
RE:Whole site behind login page
Hi, You can create custom logon page where ever within the content tree and set the root document to require authentication - so all pages will require this. Now, you need to go to your custom logon page and set this page not to inherit the authentication (if this page requires authentication, it leads to an infinite loop). Then in Site Manager -> Settings set the logon page and the permissions checking for your site to be your custom and that's it. Secured web site areasBest regards, Juraj Ondrus
|
|
|
|
|
Member
|
Gais
-
6/14/2010 5:02:12 AM
RE:Whole site behind login page
Many thanks for the reply.
I have followed your steps as suggested and this works for the main customer facing parts of the site. However, if I am an editor or administrator and try to access the URLs ~/CMSDesk or ~/CMSSiteManager I can't log in via the Kentico login. On entering user details it attempts to log in, but then redirects back to the ~/CMSDesk or ~/CMSSiteManager URL, for example
CMSPages/logon.aspx?ReturnUrl=/MyVirtualDir/cmsdesk/default.aspx%3f
If I log in via my custom login page, and then attempt to access the Site Manager or CMS Desk, I have no problem. So I either need to get the Kentico login page working, or set the CMSDesk and CMSSiteManager URLs to point to my custom login page. Can you suggest which is the better approach and how I might achieve this.
|
|
|
|
|
Kentico Support
|
kentico_jurajo
-
6/15/2010 8:37:29 AM
RE:Whole site behind login page
Hi,
What are your "Website logon page URL" settings in Site Manager -> Settings?
It seems that you have set to require authentication on a logon page, which leads to a loop.
Could you please describe your current setup with more details? Thank you.
Best regards,
Juraj Ondrus
|
|
|
|
|
Member
|
Gais
-
6/17/2010 5:40:42 AM
RE:Whole site behind login page
Hi Juraj,
The "Website logon page URL" is set to "~/login.aspx"
The site is set up as follows;
CMS Root -
- Page 1
- Page 2
- Login
- Page 3
All pages are of type "Page (menu item)".
CMS Root - requires authentication.
All other pages inherit this setting from the root, except Login which has "Requires authentication" set to No.
Login uses a page template at ~/CMSTemplates/MySite/Login.aspx
Hopefully that's enough information. Let me know if not!
|
|
|
|
|
Kentico Support
|
kentico_jurajo
-
6/17/2010 7:51:05 AM
RE:Whole site behind login page
Hi again,
When you go directly to ~/cmsdesk or ~/cmssitemanager logon page, add the credentials, are you able to login? Could you please check the live site then or the authorization cookie to see if the user account was authorized or not (if you are logged in or not)?
Best regards,
Juraj Ondrus
|
|
|
|
|
Member
|
Gais
-
6/17/2010 8:14:46 AM
RE:Whole site behind login page
No I can't :(
If I log in via the CMS desk and then try and access the live site I get redirected to my custom login page, as though I'm not logged in.
When I logged in through my custom login page the following cookies were set;
.ASPXFORMSAUTH
ASP.NET_SessionId
CMSPreferredCulture
CMSPreferredUICulture
I then cleared all cookies and used the CMSDesk page to login and the following cookies were set;
ASP.NET_SessionId
CMSPreferredUICulture
Any ideas?
|
|
|
|
|
Kentico Support
|
kentico_jurajo
-
6/21/2010 8:13:48 AM
RE:Whole site behind login page
Hi,
This is very strange. Is it possible to send us link and access credentials to your page to support@kentico.com so we can investigate this weird behavior?
Thank you.
Best regards,
Juraj Ondrus
|
|
|
|
|
Member
|
Gais
-
6/21/2010 10:13:37 AM
RE:Whole site behind login page
I have emailed the details to Support.
Thanks for your help.
|
|
|
|
|
Member
|
Gais
-
6/30/2010 8:05:52 AM
RE:Whole site behind login page
Just to follow up on this. It was my fault!!
I have some additional code in the AfterAuthenticateRequest event in CMSRequest.cs, which when removed corrects my issue with the CMSDesk login.
However, I need to leave this code in place, but I figure I can conditionally skip my additional code if a user has logged in via the CMS desk or Site Manager. Is there a property I can check within the API that will tell me if the user is in the CMS Desk or Site Manager. If not I will have to inspect the URL and look for the string "/CMSDesk/" or "/CMSSiteManager/" to determine this.
|
|
|
|
|
Kentico Support
|
kentico_jurajo
-
7/1/2010 2:35:24 AM
RE:Whole site behind login page
Hi, Thank you for the update. I am afraid but I am not aware of any property which indicates if the user is in CMS Desk or in Site Manager. You will need to check the URL as you mentioned in your post. Best regards, Juraj Ondrus
|
|
|
|
|
Member
|
Knasr - Promolinks
-
10/15/2010 8:51:56 PM
RE:Whole site behind login page
i tried to access my kentico website but it require to login even i didn't write /cmsdesk
it require login as i access the back end .
any ideas .
|
|
|
|
|
Kentico Support
|
kentico_jurajo
-
10/18/2010 6:17:50 AM
RE:Whole site behind login page
Hi, We've communicating over the e-mail and I will post my suggestion here as well for reference for other users: What are your security settings? What is set as a default logon page in Site Manager -> Settings -> select your web site -> Security section? Isn't it possible that you have set on the root document the authentication requirement? For more details please see - kentico.com/Docs/DevGuide30/secured_web_site_areas.htm. Best regards, Juraj Ondrus
|
|