6/9/2010 8:06:29 AM
Authentication & Site Security
I’ve got a small question in setting up multiple secure websites with Kentico 4.1.
For example, if I have two websites (Site1 & Site2) running on the same install containing both secure and none-secure pages. If I create a User (User1) and set them to Site1 with a unique Role for that site (Role1). I can set the secure pages on Site1 so they’re only accessible to Role1 users. Likewise on Site2, I can set the secure pages so they’re only accessible for Role2 type users. Which works fine, and means User1 has no access to the secure pages on Site2 (which are set to Role2 access only). The problem I have is if I try to login to Site2 with the User1 login details (which should have no connection with Site2), it still allows me though the login authentication process. Even though obviously once logged in I can’t continue to view any of the secured pages on Site2.
Is there anyway to straight away deny CMS Users from even being able to login to specific sites? It currently seams all CMS Users can gain login authentication on any site, even though eventually these users once authenticated can be denied access via Roles and the Security options on pages & webparts.
Hope that makes sense.