Expired page redirects visitor to episerver login page

Vote:
 

Hi,

We have a problem that has been raised before. That an expired page redirects the visitor to the login page of episerver:

http://world.episerver.com/forum/developer-forum/EPiServer-CMS-6-CTP-2/Thread-Container/2013/10/Visitors-get-redirected-to-EPi-login-page-when-visiting-expired-page/

Only the solution mentioned in the article (and some other articles I found) they all refer to web forms. Since our solution is cms 9 we need a solution for MVC. Anyway I don't seem to find any information about it.

Any help or tips appreciated,

thanks Asa

#162153
Oct 11, 2016 17:55
Vote:
 

I know we solved that in the http://www.episerver.se/partners/add-on-store/mogul-seo-manager/

What do you want to do? Custom 410 page? I can give you some sample code if you need...

#162159
Edited, Oct 11, 2016 19:19
Vote:
 

I have taken a quick soltuion to this in the past using 7.5 and run a check in the PageControllerBase<T> to throw a 404 to the user if not in edit mode

		protected override void OnAuthorization(AuthorizationContext filterContext)
		{
			if (PageContext.Page.QueryAccess().HasFlag(AccessLevel.Read))
				return;

			if (!EPiServer.Editor.PageEditing.PageIsInEditMode)
			{
				throw new System.Web.HttpException(404, "Page Not Found");	
			}
			base.OnAuthorization(filterContext);
		}
#162972
Oct 18, 2016 13:34
Vote:
 

Hi Asa,

I blogged about this a year ago: http://www.dcaric.com/blog/episerver-how-to-return-404-for-expired-pages

EPiServer will update default behavior so that 404 is returned instead of login page (will try to find a link to that announcement :) ).

Hope this helps!

#163185
Oct 19, 2016 16:31
Vote:
 

And be very careful with 410.

It means that the client should not request the resource again in the future.

Here's an interesting blog post on that subject by Scott Hanselman: http://www.hanselman.com/blog/410GoneThoughtsOnMarkDiveintomarkPilgrimsAndWhysInfosuicides.aspx

#163186
Oct 19, 2016 16:36
Vote:
 

Hi all

This may be solved in the upcoming Episerver 10. See the first smaller breaking change here: http://world.episerver.com/blogs/Per-Bjurstrom/Archive/2016/6/planned-breaking-changes-2016/ Links to unpublished content will return 404 (instead of login screen).

David

#163187
Oct 19, 2016 18:18
Vote:
 

@Dejan I agree. A general 410 approach is a bit too hardcore. 404 is better. 

@David You can't just go around fixing all these quirks. Soon even designers can code a decent Episerver site ;)

Great news! I do love my 404s...

#163188
Oct 19, 2016 20:36
Vote:
 

This is solved in Episerver 10.0.1

#170703
Oct 26, 2016 21:38
Vote:
 

Big thanks for all input. We have finally solved it with a custom attribute. Seems to work fine. Only couldn't find any other way to pas the pagedata then through a viewbag set in the base controller. doesn't feel so neat. Anyway seems to do the trick

[AttributeUsage(AttributeTargets.Class)]
    public class CustomAuthorizeContentAttribute : AuthorizeContentAttribute, IAuthorizationFilter
    {
        public void OnAuthorization(AuthorizationContext filterContext)
        {
            base.OnAuthorization(filterContext);

            var controller = filterContext.Controller;
            var pageData = controller.ViewBag.PageData as PageData;

            // Is it an authenticated user? We do this redirect because otherwise epi  
            // redirects to epi login screen as default behaviour when a page is expired
            if ((pageData == null) || 
                ((pageData.IsPendingPublish || pageData.StopPublish <= DateTime.Now) && !filterContext.HttpContext.User.Identity.IsAuthenticated))
            {
                filterContext.Result = new RedirectResult("/404/");
            }
        }
    }
#170752
Oct 28, 2016 11:49
This topic was created over six months ago and has been resolved. If you have a similar question, please create a new topic and refer to this one.
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.