Must be logged in to view certain catagory of posts

Topics: ASP.NET 2.0, Controls
Sep 28, 2010 at 3:08 PM

I have looked at this http://blog.lavablast.com/post/2008/08/13/BlogEnginenet-Post-Security.aspx, but what I would like to accomplish is to have a category of blog posts be restricted to members that are logged in only, and not visible to visitors and not logged in members.  There would be unrestricted blog posts on the same page as the posts I want restricted, (The home page).

Can someone point me in the right direction.

Thank you.

Coordinator
Sep 28, 2010 at 3:15 PM

See my post here on August 31st.

The idea there is that posts tied to a certain category can only be viewed by users who are in a certain role.  But this last part could be changed to simply check if the person is logged in -- regardless of what roles the user may be in.

The key here is to modify the IsVisible property in the Post class (in the BE core).  You change it by making posts of a certain category not be visible to users who are not logged in.

Sep 28, 2010 at 3:16 PM

Thanks Ben, I may need help on that change though.

Sep 28, 2010 at 3:53 PM

Ben,

What would I change in your code and where do I make the change. Thank you

public bool IsVisible
{
	get
	{
		if (IsAuthenticated || (IsPublished && DateCreated <= DateTime.Now.AddHours(BlogSettings.Instance.Timezone)))
		{
			bool isFamilyPost = Categories.Find(delegate(Category c)
			{
				return c.Title.Equals("family", StringComparison.OrdinalIgnoreCase);
			}) != null;

			if (isFamilyPost)
			{
				return Thread.CurrentPrincipal.IsInRole("Family");
			}

			return true;
		}

		return false;
	}
}
Coordinator
Sep 28, 2010 at 9:26 PM

Just two things, actually.

The obvious one, is to replace "family" with the name of your category (where it says c.Title.Equals("....."))

The second thing is, instead of:

return Thread.CurrentPrincipal.IsInRole("Family");

change that to:

return IsAuthenticated;

Sep 28, 2010 at 10:56 PM

Thank you Ben, and where is the file that I need to change?

Sorry for all the questions.

Coordinator
Sep 29, 2010 at 3:57 AM

No problem, of course.  It's Post.cs in the BE core.  This means that after changing it, recompiling the BE core to produce a new BlogEngine.Core.dll file (for the /BIN folder) is necessary.

Sep 29, 2010 at 10:44 AM

I am not sure what the BE core is, do you mean this file post.aspx.cs? 

If you have time could you show me exactely what I need to change. The category would be eHike that I have added and wish to restrict to logged in members.

Thank you, I am a complete novice at and don't want to screw up everything.

Coordinator
Sep 29, 2010 at 11:34 AM

It looks like you have BE 1.6 on the hiking site.  The BE code has two parts to it -- the BE Core and the Web files.  When you download BE, there's the "Web" version and the "Source" version.  The Source version has the BE core files in it (and the normal Web files too -- it has everything).  Do you have Visual Studio (I think you do, but can't remember).

Assuming you do have VS, the Source version of BE 1.6 is on the Downloads page.  When you extract the ZIP, the BE core files are in the "BlogEngine.Core" folder.  In the root folder that you extract, is a file named "BlogEngine.sln" (the VS solution file).  If you open this SLN file in VS, there should be 2 projects in the solution.  1 project is the Core project and the other project is the Web project (the same two projects I mentioned above).  You should be able to see both projects in the VS Solution Explorer window (top right).

Within the Core project is Post.cs.  In that file is the "IsVisible" property where the code change will be made.  Assuming you get this far (!), and are able to make the code change, you can build the solution under the Build menu.  When you build the solution, it will create a new BlogEngine.Core.dll file in the /bin directory.  You can confirm this by checking the timestamp of the BlogEngine.Core.dll file.

If you get stuck, I could make this modification for you and send you the DLL, but it might be most ideal if you could get it working on your end in case you want to make future changes (e.g. change or add the "private" category), or for when you upgrade to a newer version of BE someday, making this change again to the Post.cs file for the new BE version will be necessary.

It would be nice if this customization could be made outside the BE core.  An extension doesn't really fit the bill since it could prevent someone from reading the content of the private blog posts, but the private blog posts existence and their titles would still be visible (only the content could be hidden).  The "IsVisible" property is really a perfect place for this logic.

Sep 29, 2010 at 11:52 AM

As always, thanks for your help Ben, I use the Express version of Visual Studio and the Web version of 1.6.0 for the hiking website.  I will try to follow your great instructions and let you know how I do.  When I get to Post.cs I assume I replace the code in the "IsVisible" property with the new code.  If I get this done and it works locally I then upload the new dll file to my website and all should be well....:-)

Sep 29, 2010 at 12:46 PM
Edited Sep 29, 2010 at 1:11 PM

Hi Ben,

Well I got as far as making the code change in the "Post.cs" and thought that I was successful in the build, I put the new dll in the bin directory of my hiking website, bought the site up locally, logged in as admin,put a entry in with the eHike category, logged out, and the entry was still visible.  Not sure where to look now. The build must have worked because I took the original dll out and replaced it with the new one and the site came up OK locally.  Here is the code that I replaced.  (edited, please see below)

   public bool IsVisible
        {
            get
            {
                if (IsAuthenticated || (IsPublished && DateCreated <= DateTime.Now.AddHours(BlogSettings.Instance.Timezone)))
                {
                    bool isFamilyPost = Categories.Find(delegate(Category c)
                    {
                        return c.Title.Equals("eHikes", StringComparison.OrdinalIgnoreCase);
                    }) != null;

                    if (isFamilyPost)
                    {
                        return IsAuthenticated;
                    }

                    return true;
                }

                return false;
            }
        }

Edited part:

I thought I had found the error, I made the category eHikes in the code and in the entry I made it eHike, so I created a category names eHikes and reposted, but the issue still exists. If you are so inclined to create the dll for me I would like the category to be eHike.  I'm sure that I can though it again and  make the category change in the post.cs if it can be figured out why it does not work.

 

Thanks Ben this certainly is a learning experience, I hope my old mind can retain it.

Sep 29, 2010 at 1:20 PM

Update:

I made the change in the post.cs to reflect the change from the category eHikes to eHike, rebuild  it, replaced the dll in the website and edited the blog entry to reflect eHike instead of eHikes category and it is still visible when not logged in.

Sep 29, 2010 at 5:18 PM

Hi Ben,

I found this, maybe this is the one I should use?

 /// <summary>
        /// Gets whether a post is available to visitors not logged into the blog.
        /// </summary>
        public bool IsVisibleToPublic
        {
            get
            {
                return IsPublished && DateCreated <= DateTime.Now.AddHours(BlogSettings.Instance.Timezone);
            }
        }

Coordinator
Sep 30, 2010 at 12:32 AM

At least you gave it a shot and learned something.  I emailed you a modified version of the DLL.  I tested it too with success.  It will not display posts with the category eHike to users who are logged out.

In this case, it's the IsVisible property (and not the IsVisibleToPublic property) that is used for determining if a post should be shown in the post list, as well as when an individual post is viewed.

But this same logic should be applied to the IsVisibleToPublic property too (the 2nd email I sent does this) -- glad you brought this up.  The code changes include a change to IsVisible, IsVisibleToPublic, and a new IsPrivateCategory property.  For reference, here's that block of code:

/// <summary>
/// Gets whether or not the post is visible or not.
/// </summary>
public bool IsVisible
{
	get
	{
		if (IsAuthenticated || (IsPublished && DateCreated <=
			DateTime.Now.AddHours(BlogSettings.Instance.Timezone)))
		{
			if (IsPrivateCategory)
			{
				return IsAuthenticated;
			}

			return true;
		}

		return false;
	}
}

private bool IsPrivateCategory
{
	get
	{
		bool isPrivateCateogry = Categories.Find(delegate(Category c)
		{
			return c.Title.Equals("eHike", StringComparison.OrdinalIgnoreCase);
		}) != null;

		return isPrivateCateogry;
	}
}

/// <summary>
/// Gets whether a post is available to visitors not logged into the blog.
/// </summary>
public bool IsVisibleToPublic
{
	get
	{
		return
			IsPublished &&
			DateCreated <= DateTime.Now.AddHours(BlogSettings.Instance.Timezone) &&
			!IsPrivateCategory;
	}
}

Sep 30, 2010 at 12:54 AM
Edited Sep 30, 2010 at 1:07 AM

Thanks for your help Ben, I put this file in my hiking website and entered a blog entry with ehike as the category but it is still visible when I am not logged in.  Should this work locally or only on the webhost server.

edited:

I published the new dll to http://www.sahcinfo.org/ and the post is still visible without logging in.  I also made a change in the web.config, saved it and changed it back to jog the website but it didn't work.

 

Jerry

Sep 30, 2010 at 1:34 AM

Everything working as planned, thank you Ben for your generous help.