November Happy Hour will be moved to Thursday December 5th.
AI OnAI Off
Restrict backend user to be treated as logged in in front end
Hi,
As the pages should be visible to everyone, I'm assuming it's not an issue that the CMS users can see the pages on the site and that the issue is that they're seeing the logged-in state of the pages. What I'd suggest for this is to assign a role to all of the front-end users then, where you're currently checking whether the user is authenticated, check whether they're a member of that role as well.
Apr 04, 2019 10:36
You can follow the pattern that is used by Quicksilver, i.e. having a shared login page. If an administrator logged in then he/she can see quick menu and can access to protected path. A normal user can be logged in without seeing the quick menu, and if he or she try to access a protected path then he or she will be asked to login again. IMO that works quite well and it can hide your implementation details from your end users, which is probably a good thing.
Apr 04, 2019 10:49
I have two separate login pages for edit mode and front end users for my commerce site. Currently, front end users cannot go to backend CMS by allowing roles to location path as below.
<location path="EPiServer/CMS/admin"><system.web><authorization><allow roles="WebAdmins, Administrators" /><deny users="*" /></authorization></system.web></location>However, backend users(webadmins, admin and WedEditors) can log in to commerce part. I cannot even use same allow roles as above for frontend as it should be accessible even when not logged in. I am using identity to authenticate and User.Identity.IsAuthenticated to check authentication. IsAuthenticated is true for both backend and frontend users when logged from respective login screen. How to avoid this?