How to restrict access to the CMS Desk for non-authenticated users
This article gives you instructions on how to restrict access to the CMS Desk (or to any other area within Kentico CMS) for non-authenticated users:
This article is based on our documentation and it takes advantage of the approach mentioned in following article in point 4 ->
Securing the CMSHelp folder.
So, please edit your web.config file as described in the mentioned article and update as below:
<authentication mode="Forms">
<forms loginUrl="~/" defaultUrl="Default.aspx" name=".ASPXFORMSAUTH" timeout="60000" slidingExpiration="true" />
</authentication>
As the loginUrl you can use the landing page or the 404 page as you need.
<location path="CMSDesk">
<system.web>
<authorization>
<allow roles="_authenticated_"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
With this configuration, only authenticated users will be able to access the CMS Desk including the CMS Desk logon page. So obviously you will need to create your own logon page (or use the one you have probably already added on your page) and let your editors sign in using this logon page instead.
Applies to: Kentico CMS 7.0