restrict site access

Topics: Business Logic Layer
May 8, 2011 at 2:00 PM

Hi,

Just wondering. Is it possible to create sites with restricted access to either the complete site or part of the site?

I have been looking in the documentation first but could not find this, maybe I overlook something.

Any idea is welcome.

BL

May 10, 2011 at 12:09 PM

You could do this at the server level by adding a password to the folder.

 

I have only been using BE a couple of days but I dont think this option is available from the control panel.  I think you could however create a http module that redirected all traffic for a particular folder to an authentication page.  I have done something similar on another project where we used url re-writing but not sure how it would tally up with BE.

May 10, 2011 at 5:25 PM

You can use the BE security, implemented for the admin panel,  for the whole BE site or parts of the site

All you need to do is edit the web.config file specifying you want the contents of the root folder to be a secure location path. You can also set different levels of access on subfolders and individual .aspx files based on the users you create in the admin panel and what roles they have been assigned.

Add the following code below the </system.codedom> to lockdown anything within the root.

  <location path="">
    <system.web>
      <authorization>
        <deny users="?" />
      </authorization>
    </system.web>
  </location>  

This should force all users to the login page unless of course thy are logged in!

Also bear in mind that if you browse some of the other sub-folders with the admin folder e.g. 'Comments' you will find a web.config file explicitly for setting access rights to that particular folder, which is useful, otherwise the root web.config can get messy

MT