I want to use two different login procedures depending on the page that is being requested.
For example:
If the user is not logged in and accesses /admin or /edit I want the usual Episerver login to appear. If the user tries to open any other page I want an own login page to appear.
What I did:
I created a LoginWrapper.aspx that reads the parameters and redirects to either /util/login.aspx or /myownlogin.aspx depending on the ReturnUrl parameter. Of course sending the ReturnUrl.
The problem:
I'm getting a HTTP 400 Bad Request error when accessing /util/login.aspx through this redirect. I guess that LoginBase doesn't allow redirects.
My solution:
I change /templates/login.aspx to not inherit from LoginBase and use
EPiServer.Util.LoginBase.HandleFormsLogin(Username.Text, Password.Text, this.PersistCookie.Checked)
instead of
HandleLogin()
My question:
Is this a bad idea in terms of security?
/René
EPiServer.Util.LoginBase.HandleFormsLogin(Username.Text, Password.Text, this.PersistCookie.Checked)
instead ofHandleLogin()
My question: Is this a bad idea in terms of security? /René