Visitor Group returns episerver logon when criteria fails



I want to restrict an Episerver web page to only be viewed in a specific country.

To achieve this I thought the best approach would be to create a visitor user group with the graphic location criteria. I have specified the desired continent and country and the region is set to any. I have checked the 'Make this visitor group available when setting access rights for pages and files' security role which then allows me to set the access rights on the page using the visitor group that I created.

From the set access rights option in admin I have assigned the new visitor group and given read access. This seems to work because I can see that the page is visible when viewing it in the desired country, but when I do not match the criteria I am given the Episerver logon screen. Is this default Episerver behaviour? I would have expected a 404, or has this got to be done programmatically?



Edited, Jan 23, 2017 21:06

From memory, Episerver does not have 404 out of the box. You can customize the visitor group. A good sample would be:

Jan 23, 2017 22:27

Hi Paul,

I blogged about this some time ago: How to return 404 for expired content

In version 10, Episerver has introduced some major improvements, and 404 has become the default behavior.

The question is, what should be returned for a non-expired page that the user is not allowed to access?

The login page sounds fair, but you can change the default behavior with a global filter:

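using System;
using System.Web.Mvc;
using EPiServer.Editor;
using EPiServer.Framework;
using EPiServer.Framework.Initialization;
using EPiServer.Security;
using EPiServer.ServiceLocation;
using EPiServer.Web.Mvc;
using EPiServer.Web.Routing;

public class UnauthorizedContentFilter : AuthorizeAttribute
{
    public override void OnAuthorization(AuthorizationContext filterContext)
    {
        // skip the execution for controllers
        // that don't derive from PageController<>
        if (!IsPageController(filterContext.Controller.GetType())) return;

        // don't throw 404 in edit mode
        if (PageEditing.PageIsInEditMode) return;

        var pageContext = ServiceLocator.Current.GetInstance<IPageRouteHelper>();

        // the visitor has no read access to the routed page: answer 404 instead of the login screen
        if (pageContext?.Page != null && !pageContext.Page.QueryDistinctAccess(AccessLevel.Read))
            filterContext.Result = new HttpStatusCodeResult(404, "Not found");
    }

    // walks up the inheritance chain looking for PageController<T>
    private static bool IsPageController(Type type)
    {
        if (type.IsGenericType && type.GetGenericTypeDefinition() == typeof(PageController<>))
            return true;

        return type.BaseType != null && IsPageController(type.BaseType);
    }
}

[InitializableModule] // needed for Episerver to discover and run the module
public class UnauthorizedContentModule : IInitializableModule
{
    public void Initialize(InitializationEngine context)
    {
        // register the filter for every MVC request
        GlobalFilters.Filters.Add(new UnauthorizedContentFilter());
    }

    public void Preload(string[] parameters) { }

    public void Uninitialize(InitializationEngine context) { }
}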

Hope this helps!

Jan 23, 2017 23:24

Hi Both,

I continued to research online and got the feeling that showing the Epi login screen was the default behaviour when a visitor group criteria is not met. However, thanks for confirming!

@Dejan - Thanks for the link to your blog post, an excellent read which I actually did stumble across during my researching :). The code snippet you provided is very helpful.

I don't see the option to mark your post as the answer.

Thanks for the feedback guys :)


Edited, Jan 26, 2017 10:57