Vulnerability in EPiServer.Forms
I create page in admin site under CMS (i.e. CMS/MyCustomAdminPage) with Menu Provider.
public class CmsMenuProvider : IMenuProvider
public IEnumerable GetMenuItems()
UrlMenuItem urlMenuItem = new UrlMenuItem("My Custom Admin Page", "/global/cms/MyCustomAdminPage", "/modules/MyCustomAdminPage/Home");
urlMenuItem.IsAvailable = (request => true);
urlMenuItem.SortIndex = 100;
return new MenuItem
My files structures like
When I clicked on menu, system redirect to MyCustomAdminPage with urgly url "AlloySampleSite/modules/MyCustomAdminPage/Home". How can I rewrite url like "AlloySampleSite/Episerver/MyCustomAdminPage" with authentication editor permission?
You can normally override routing to set up paths...see custom routing in Episerver for this. Location tags in web.config are normally used to restrict access. Check out setting for how Episerver locks down edit mode in web.config to webadmins etc.