BE 2.8 password protected extension

May 28, 2013 at 8:00 PM
I am having an issue with the password protected extension in BE 2.8, worked fine in 2.5.

Check here, it brings up the page without logging in and also shows this [authenticated].

Thanks for your help.
Coordinator
May 28, 2013 at 9:10 PM
I'll have to review it, will post here when fixed.
Coordinator
May 29, 2013 at 3:38 AM
Edited May 29, 2013 at 3:40 AM
Looks like it is not really from the extension but from the quick mode I threw in without much testing.
Not sure how it worked for you in 2.5, but for authenticated users it should work if you change it from:
if (e.Location == ServingLocation.SinglePost || e.Location == ServingLocation.SinglePage)
{
  if(e.Body.Contains("[authenticated]"))
  {
    e.Body = e.Body.Replace("[authenticated]", "");
    if (!HttpContext.Current.User.Identity.IsAuthenticated)
    {
      HttpContext.Current.Response.Redirect(string.Format("{0}Account/login.aspx", Utils.RelativeWebRoot));
    }
  }
}
to:
if (e.Location == ServingLocation.SinglePost || e.Location == ServingLocation.SinglePage)
{
  if(e.Body.Contains("[authenticated]"))
  {
    if (!HttpContext.Current.User.Identity.IsAuthenticated)
    {
      HttpContext.Current.Response.Redirect(string.Format("{0}Account/login.aspx", Utils.RelativeWebRoot));
    }
  }
}
e.Body = e.Body.Replace("[authenticated]", "");
May 29, 2013 at 4:23 AM
Edited May 29, 2013 at 4:33 AM
I am not seeing the code to replace above, this is what I have.
namespace App_Code.Extensions
{
    using System;
    using BlogEngine.Core;
    using BlogEngine.Core.Web.Controls;
    using System.Web;
    using System.Text.RegularExpressions;
 
    /// <summary>
    /// Extension to password protect posts and pages
    /// </summary>
    [Extension("Password protect posts and pages.", "1.0", "<a href=\"http://rtur.net/blog\">rtur.net</a>")]
    public class PasswordProtected
    {
        public PasswordProtected()
        {
            Post.Serving += Serving;
            BlogEngine.Core.Page.Serving += Serving;
        }
 
        private static void Serving(object sender, ServingEventArgs e)
        {
            if (e.Location == ServingLocation.PostList || e.Location == ServingLocation.SinglePost || e.Location == ServingLocation.SinglePage)
            {
                if (!e.Body.Contains("[password:", StringComparison.OrdinalIgnoreCase))
                    return;
 
                var sessionPwd = "";
                var myCookie = HttpContext.Current.Request.Cookies["PasswordProtected"];
 
                if (myCookie != null)
                {
                    sessionPwd = myCookie.Value;
                    var returnUrlCookie = new HttpCookie("PasswordProtectedUrl") 
                        { Value = HttpContext.Current.Request.Url.ToString(), Expires = DateTime.Now.AddDays(7) };
                    HttpContext.Current.Response.Cookies.Add(returnUrlCookie);
                }
 
                const string regex = @"\[password:.*?\]";
                var matches = Regex.Matches(e.Body, regex);
 
                if (matches.Count > 0)
                {
                    string postPwd = matches[0].Value.Replace("[password:", "").Replace("]", "").Trim();
 
                    if (sessionPwd == postPwd || e.Location == ServingLocation.PostList)
                    {
                        e.Body = e.Body.Replace(matches[0].Value, "");
                    }
                    else
                    {
                        HttpContext.Current.Response.Redirect(
                            string.Format("{0}User Controls/Password/Protect.aspx", Utils.RelativeWebRoot));
                    }
                }
            }
        }
 
    }
}
May 29, 2013 at 5:20 AM
I am not sure why, but this is working for me now to pass protect a page, should I use it or change it to your new code?
Coordinator
May 29, 2013 at 3:09 PM
There is an extension to password protect posts that can be easily modified to require authentication instead of a password.
Looks like you modified it to authenticate and then reverted back to password protect.
To avoid confusion, you can copy the code below as "RequireAuthentication.cs" into the extensions directory and authentication should work fine as a separate extension.
namespace App_Code.Extensions
{
    using System;
    using BlogEngine.Core;
    using BlogEngine.Core.Web.Controls;
    using System.Web;
 
    [Extension("Require authentication in posts and pages.", "1.0", "<a href=\"http://rtur.net/blog\">rtur.net</a>")]
    public class RequireAuthentication
    {
        public RequireAuthentication()
        {
            Post.Serving += Serving;
            BlogEngine.Core.Page.Serving += Serving;
        }
 
        private static void Serving(object sender, ServingEventArgs e)
        {
            if (e.Location == ServingLocation.SinglePost || e.Location == ServingLocation.SinglePage)
            {
                if(e.Body.Contains("[authenticated]"))
                {
                    if (!HttpContext.Current.User.Identity.IsAuthenticated)
                    {
                        HttpContext.Current.Response.Redirect(string.Format("{0}Account/login.aspx", Utils.RelativeWebRoot));
                    }
                }
            }
            e.Body = e.Body.Replace("[authenticated]", "");
        }
    }
}
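Added example, not part of the thread or of BlogEngine.NET: the extension above checks the login only for `SinglePost` and `SinglePage` but strips the tag in every location, so a tagged body served anywhere else goes out without a check. This variant replaces the body for anonymous visitors in every location; the class name `RequireAuthenticationStrict` and the placeholder text are assumptions.

```csharp
namespace App_Code.Extensions
{
    using System.Web;
    using BlogEngine.Core;
    using BlogEngine.Core.Web.Controls;

    // Added example (hypothetical class name): gate the body in every serving
    // location, not only on the single post/page view.
    [Extension("Require authentication wherever a tagged body is served.", "1.0", "example")]
    public class RequireAuthenticationStrict
    {
        private const string Tag = "[authenticated]";

        // Hypothetical placeholder shown to anonymous visitors in lists and
        // any other location where a redirect is not appropriate.
        private const string Placeholder = "<p>Please log in to read this entry.</p>";

        public RequireAuthenticationStrict()
        {
            Post.Serving += Serving;
            BlogEngine.Core.Page.Serving += Serving;
        }

        private static void Serving(object sender, ServingEventArgs e)
        {
            if (string.IsNullOrEmpty(e.Body) || !e.Body.Contains(Tag))
                return; // untagged content stays public

            var ctx = HttpContext.Current;
            bool loggedIn = ctx != null && ctx.User != null
                            && ctx.User.Identity.IsAuthenticated;
            if (loggedIn)
            {
                e.Body = e.Body.Replace(Tag, ""); // show content, hide the marker
                return;
            }

            // Anonymous visitor: the protected body never leaves the server.
            e.Body = Placeholder;

            if (ctx != null && (e.Location == ServingLocation.SinglePost
                                || e.Location == ServingLocation.SinglePage))
            {
                ctx.Response.Redirect(string.Format("{0}Account/login.aspx", Utils.RelativeWebRoot));
            }
        }
    }
}
```

Use it in place of RequireAuthentication.cs rather than alongside it, since whichever handler runs first would strip the tag before the other sees it.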
May 30, 2013 at 1:54 AM
Thank you very much, I assume this will replace PassWordProtected.cs.
Jul 3, 2013 at 2:46 PM
First of all, excuse my English.

Now, I tried your Password Protected extension in the two ways: [password:yourpassword] and [authenticated].

They both work in a really great way, and I thank you for producing them.

I prefer using the first method (with the password system) because I need to allow one person only to access only a single post (once you are logged in to your post, you cannot download from the other posts, even if you have editor credits).

The second method (authenticated) allows all people with an account to see (and download files from) all posts, including posts that are not made for them.

Just one little detail remains to resolve: once I am logged in, I do not need to authenticate anymore;
this is a little uncomfortable when using computers that are not yours (for example, when you are out of your office and you like so smart using your blog to find files at the moment).

Is there a way to exit from the log once you have finished the job?

Thank you.

Best greetings.
Coordinator
Jul 3, 2013 at 7:31 PM
Password saved in the cookie:
Expires = DateTime.Now.AddDays(7)
The extension has no UI to reset this, but you can change the default to, for example, "AddMinutes(15)" so it will expire in 15 minutes.
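Added example, not part of the thread or of the extension: a small handler that forgets the saved post password on demand, for use on a shared computer. The file name (e.g. `ClearPostPassword.ashx`) and class name are hypothetical, and it assumes the cookies were set with the default path and no domain, since the page that sets them is not shown here.

```csharp
<%@ WebHandler Language="C#" Class="ClearPostPassword" %>

using System;
using System.Web;
using BlogEngine.Core;

// Added example (hypothetical handler name): visiting this URL removes the
// cookies used by the PasswordProtected extension.
public class ClearPostPassword : IHttpHandler
{
    // Cookie names as they appear in the extension code earlier in the thread.
    private static readonly string[] CookieNames =
        { "PasswordProtected", "PasswordProtectedUrl" };

    public void ProcessRequest(HttpContext context)
    {
        foreach (var name in CookieNames)
        {
            // A browser drops a cookie when it receives the same name again
            // with an expiry date in the past.
            // Assumption: the original cookies use the default path "/" and
            // no explicit domain, so these replacements match them.
            context.Response.Cookies.Add(new HttpCookie(name)
            {
                Value = string.Empty,
                Expires = DateTime.UtcNow.AddDays(-1),
                HttpOnly = true
            });
        }

        // Do not let the browser or a proxy cache this response.
        context.Response.Cache.SetCacheability(HttpCacheability.NoCache);

        // Send the visitor back to the blog root.
        context.Response.Redirect(Utils.RelativeWebRoot);
    }

    public bool IsReusable
    {
        get { return true; }
    }
}
```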
Jul 4, 2013 at 12:09 AM
Ok, I'll try this solution.

Thank you very much