Vulnerability in EPiServer.Forms
I've been looking for a while now to add membership to our clients website within EPiServer and as yet haven't been able to find a way. So is there a way to add a separate login area so a user can login to the website (not the CMS) and see secured content pages or what everelse I secure. If you know of any good posts or resources that would also be a bonus as when ever I search for it I just get posts about setting up the CMS's authentication.
You might want to take a look at Dejan's blogpost. You don't have to use webapi, but it gives an idea on how to proceed.
After you create the login logic, you simply change loginUrl in forms node:
<forms name=".EPiServerLogin" loginUrl="Util/login.aspx" timeout="120" />
Then, you use standard access rights / authorization functionality to control who sees what.
You can easily create your own login page if you don't like the default one that Episerver has. I blogged about this here
Then you set access rights on your pages in Episerver as mentioned in Admin handbook and you are basically good to go.
Great thanks for the help guys.