Try our conversational search powered by Generative AI!

Password Protecting Pages: How?


Hi All,

Has anyone implemented the ability to password protect particular pages? I'm not talking about for editors and admins, I'm talking just for front end, user / customer, access. For example, say I have a page and I only want people with a password that I have shared with them to be able to view the page.

Am I asking for the wrong thing? Should I be looking at customer logins... perhaps functionality that would come Commerce or something like that?

thanks in advanced,


Sep 11, 2018 16:35

Hi Alex,

Here's a couple of ways:

First option is to utilise Episerver's built in Membership Provider and setup a "read" access only to your custom group, removing groups like "Everyone"

  1. Set up a new group, i.e. "MySecretsGroup" and add a User "MySecretUser"
  2. On your pages that you want to password-protect, remove the "Read" access from all groups, including "Everyone"
  3. When an end-user hits your password protected page, Episerver will serve the default login screen but will redirect to the frontend view page after authenticating the user (not the CMS)

Second option is to create your own CustomAuthorizeAttribute.cs and decorate your page type controller with this attribute (how you usually would in .NET MVC)

  1. Create a class CustomAuthorizeAttribute : AuthorizeAttribute (.NET [Authorize], implementing the relevant members)
  2. Create a new page type PasswordProtectedPage and decorate the controller of your page type with [CustomAuthorize]
  3. When an end-user hits a page with your specific page type, your custom auth implementation will kick in
Edited, Sep 11, 2018 17:47

Hi Nicola,

Many thanks for your reply. Both options look interesting, I'll give them a go!

Sep 12, 2018 8:59
This topic was created over six months ago and has been resolved. If you have a similar question, please create a new topic and refer to this one.
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.