Forms authentication + domain alias

Quang Lai asked on December 14, 2015 17:36

Hello, we have IIS set up to deny anonymous users and the site's web.config uses Forms Authentication. For the main domain, the Kentico login page displays as intended. However, the site has a domain alias and when we use the domain alias, the login page is bypassed, making the site available to the public if they know the alias.

The web.config authorization configuration looks like so:

<authorization>
    <deny users="?" />
</authorization>

Correct Answer

Roman Hutnyk answered on December 14, 2015 17:52

Why wouldn't you secure your pages with Kentico security settings? Go to Page Properties -> Security and configure it - Kentico will take care of the rest.

0 votes

Recent Answers


Quang Lai answered on December 14, 2015 19:05

Should it not be a lot easier to force a blanket authorization/authentication through IIS vs through the Pages app? We don't need the granularity of users/roles having different security levels, everyone must sign in.

And it works great for the main site domain, I just don't understand why domain aliases are not also trapped.

0 votes

Quang Lai answered on December 14, 2015 19:18

Update: I followed Roman's suggestion and used the Page -> Properties -> Security and marked "Everyone" required authentication, and it appears to be working across all domains, and for all users.

0 votes
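A check for the symptom described in this thread, added here as an example (not code from the posters or from Kentico): it sends one cookie-less request per host name to the same server and reports which host names are refused or sent to the login page. The host names, the `logon` URL marker and the local stand-in server are constructed assumptions.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

LOGIN_MARKER = "logon"  # assumption: substring of the site's login URL; adjust


def is_challenged(status, location):
    """True if an anonymous request was refused or redirected to the login page."""
    if status in (401, 403):
        return True
    return status in (301, 302, 303, 307) and LOGIN_MARKER in (location or "").lower()


def audit_hosts(address, port, hosts, path="/"):
    """Send one cookie-less GET per Host header; return {host: challenged?}."""
    results = {}
    for host in hosts:
        conn = http.client.HTTPConnection(address, port, timeout=5)
        conn.request("GET", path, headers={"Host": host})
        resp = conn.getresponse()
        results[host] = is_challenged(resp.status, resp.getheader("Location"))
        conn.close()
    return results


class _FakeSite(BaseHTTPRequestHandler):
    """Constructed stand-in for the symptom: only the main domain redirects."""
    def do_GET(self):
        if self.headers.get("Host") == "main.example":
            self.send_response(302)
            self.send_header("Location", "/logon.aspx?ReturnUrl=%2f")
        else:
            self.send_response(200)  # alias serves the page anonymously
        self.send_header("Content-Length", "0")
        self.end_headers()

    def log_message(self, *args):  # silence per-request logging
        pass


def demo():  # runs the audit against the constructed local server
    server = HTTPServer(("127.0.0.1", 0), _FakeSite)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return audit_hosts("127.0.0.1", server.server_port, ["main.example", "alias.example"])
    finally:
        server.shutdown()
        server.server_close()
```

Against a real site, call `audit_hosts` with the server's address and every host name bound to it; any host that maps to `False` is serving content to anonymous visitors.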
