Will this code password protect BE page?

Topics: ASP.NET 2.0
Mar 5, 2012 at 12:22 PM
Edited Mar 5, 2012 at 3:02 PM

If I use this code in my web.config will it password protect a page created within the Admin control panel in BE 2.5.0.6?  

I would like the user to have to be logged in to view a certain page.

I cannot seem to find a way to password protect a single page created in BE. If this will work, where in the web.config would it go?  Thanks for your time and help.

 

<location path="file1.aspx">
        <system.webServer>
            <security>
                <authorization>
                    <add accessType="Deny" users="?" />
                </authorization>
            </security>
        </system.webServer>
    </location>
Mar 6, 2012 at 1:39 PM

Anybody?

Coordinator
Mar 6, 2012 at 5:16 PM
Edited Mar 6, 2012 at 5:18 PM

Haven't try it but I guess you can put location tag in your web.config with location like "page/file1.aspx". Here some info and more info.

Mar 6, 2012 at 7:37 PM

Well I tried this code with limited success, it asks for login info but it does not accept the admin username or password, I would guess it is not looking at the blog database.  Anyone have any ideas on how to restrict access to a BE page.  Thank you.

       
<location path="page/ehikes.aspx">
        <system.webServer>
            <security>
                <authorization>
                    <add accessType="Deny" users="?" />
                </authorization>
            </security>
        </system.webServer>
    </location>

Mar 7, 2012 at 1:22 PM

Isn't there anyone out there that would like a BE page to require a login, seems like a request that would benefit BE users.

Coordinator
Mar 7, 2012 at 2:11 PM

It is not hard to add, but I'm currently down with flu :( If you willing to wait till weekend, this can be done relatively easily.

Mar 7, 2012 at 4:02 PM

Sorry you have the flu, definitely get your rest, drink plenty of fluids and get yourself well.  I can most surely wait for you to share your knowledge, skill  and your time to work on this for me.  Thank you very much rtur.

Coordinator
Mar 10, 2012 at 9:54 PM

This extension should do the trick.

Mar 10, 2012 at 10:15 PM

Thanks I'll give it a try, will this work for logged in users or will they need a special password for this page, I am trying to have the page available for only logged in users? I have about 500 hiking club members that have user accounts and with different passwords of course.

Coordinator
Mar 11, 2012 at 12:07 AM
Edited Mar 11, 2012 at 2:11 AM

I've added section to the post, but that's all you really need:

 

namespace App_Code.Extensions
{
    using System;
    using BlogEngine.Core;
    using BlogEngine.Core.Web.Controls;
    using System.Web;
 
    [Extension("Password protect posts and pages.", "1.0", "<a href=\"http://rtur.net/blog\">rtur.net</a>")]
    public class PasswordProtected
    {
        public PasswordProtected()
        {
            Post.Serving += Serving;
            BlogEngine.Core.Page.Serving += Serving;
        }
 
        private static void Serving(object sender, ServingEventArgs e)
        {
            if (e.Location == ServingLocation.SinglePost || e.Location == ServingLocation.SinglePage)
            {
                if(e.Body.Contains("[authenticated]"))
                {
                    e.Body = e.Body.Replace("[authenticated]", "");
                    if (!HttpContext.Current.User.Identity.IsAuthenticated)
                    {
                        HttpContext.Current.Response.Redirect(string.Format("{0}Account/login.aspx", Utils.RelativeWebRoot));
                    }
                }
            }
        }
    }
}
Mar 11, 2012 at 12:53 AM

So I replace the code in the first extension with this code?  I am trying to make a page with the title eHike to require a user login.  For BE 2.0 Ben did this:

See this post http://blogengine.codeplex.com/discussions/228869

Coordinator
Mar 11, 2012 at 2:12 AM

Yes.

Mar 11, 2012 at 3:44 AM

This is working great, it took me a moment to see that I needed to put [authenticate] on the pages that I need to be logged in to access.  Thank you very much for your generous help and I am glad you are feeling better.

 

Jun 24, 2012 at 8:39 PM
rtur wrote:

I've added section to the post, but that's all you really need:

 

namespace App_Code.Extensions
{
    using System;
    using BlogEngine.Core;
    using BlogEngine.Core.Web.Controls;
    using System.Web;
 
    [Extension("Password protect posts and pages.", "1.0", "<a href=\"http://rtur.net/blog\">rtur.net</a>")]
    public class PasswordProtected
    {
        public PasswordProtected()
        {
            Post.Serving += Serving;
            BlogEngine.Core.Page.Serving += Serving;
        }
 
        private static void Serving(object sender, ServingEventArgs e)
        {
            if (e.Location == ServingLocation.SinglePost || e.Location == ServingLocation.SinglePage)
            {
                if(e.Body.Contains("[authenticated]"))
                {
                    e.Body = e.Body.Replace("[authenticated]", "");
                    if (!HttpContext.Current.User.Identity.IsAuthenticated)
                    {
                        HttpContext.Current.Response.Redirect(string.Format("{0}Account/login.aspx", Utils.RelativeWebRoot));
                    }
                }
            }
        }
    }
}

Can code be added to this extension directing users to the login page if they click on a [authenticated] page without being logged in, it now brings up an error page.  Thank you for your help.

Jun 25, 2012 at 8:45 PM

Please disregard, issue solved.

Jun 26, 2012 at 6:52 PM

I thought there was a way to make all the pages or all the posts private. There is a right to allow to view public posts and public pages. Why not just have a flag to to indicate that the page or post is public. Public pages and posts would be shown to anonymous users while non-public posts/pages would require authentication. This seems to me to be the reason why there are rights to view public pages/posts...

Jun 26, 2012 at 8:59 PM

If I make a new BE page and want it to be editable to admin and only accessible to logged in members I think this is the only way to do it.

Mar 2, 2013 at 8:00 PM
When using this code with XML I don't have any issues. But when using SQL as the back end of my blog I receive the following message. Can someone help me out? It doesn't look like it's rendering the page before sending it to the Password Protect code.



Unable to cast object of type 'System.Data.DataRow' to type 'System.IConvertible'.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.InvalidCastException: Unable to cast object of type 'System.Data.DataRow' to type 'System.IConvertible'.

Source Error:





Line 586: if (Serving != null)
Line 587: {
Line 588: Serving(page, arg);
Line 589: }
Line 590: }

Source File: d:\Downloads\BlogEngine.NET 2.7 (source)\Source\BlogEngine\BlogEngine.Core\Page.cs Line: 588

Stack Trace:





[InvalidCastException: Unable to cast object of type 'System.Data.DataRow' to type 'System.IConvertible'.]
System.Convert.ToInt16(Object value) +18
App_Code.Extensions.PasswordProtected.Serving(Object sender, ServingEventArgs e) +472
System.EventHandler`1.Invoke(Object sender, TEventArgs e) +0
BlogEngine.Core.Page.OnServing(Page page, ServingEventArgs arg) in d:\Downloads\BlogEngine.NET 2.7 (source)\Source\BlogEngine\BlogEngine.Core\Page.cs:588
page.ServePage(Guid id) +256
page.OnInit(EventArgs e) +288
System.Web.UI.Control.InitRecursive(Control namingContainer) +134

System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +489

Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.0.30319.18034