Virtual Happy Hour this month, Jun 28, we'll be getting a sneak preview at our soon to launch SaaS CMS!

Try our conversational search powered by Generative AI!

Access to restricted document, redirect to login page?

Vote:
 

On a site we're currently building we have pages with links to documents (direct links to PDF files etc) which require the user to login in order to view them. The listing pages are public. We've restricted access to the documents using EPi's access rights, but the server error page that comes up when you try to access a document without logging in is a bit dramatic and useless.

We'd like to redirect the user to a login page when they try to access a restricted document, but can't figure out how to catch the error. The error page isn't even a 403 page but a 500 error caused by an UnauthorizedAccessException coming from VirtualPathVersioningProvider.GetDirectory. How do we catch this and redirect to another page?

#32500
Sep 04, 2009 13:19
Vote:
 
A bit More input to this problem:

 

We have a link on normal content that points to pdf dokument on a folder that is only available to Registered users. If an unregistered user clicks the link he/she get's this:

_________________________

 

Exception Details: System.UnauthorizedAccessException: You are not authorized to access /Global/PDS/EU_product_data_sheets/

ASP.NET is not authorized to access the requested resource. Consider granting access rights to the resource to the ASP.NET request identity. ASP.NET has a base process identity (typically {MACHINE}\ASPNET on IIS 5 or Network Service on IIS 6) that is used if the application is not impersonating. If the application is impersonating via , the identity will be the anonymous user (typically IUSR_MACHINENAME) or the authenticated request user.

To grant ASP.NET access to a file, right-click the file in Explorer, choose "Properties" and select the Security tab. Click "Add" to add the appropriate user or group. Highlight the ASP.NET account, and check the boxes for the desired access.

___________________________

So what we want to do, is just Like Matti said in the first message: Open up a register form for our unregistered users instead of this error message. Problem is we can't catch the error and thus can't redirect unauthorized users to register form? Is there anyway how we could achieve our goal?

#32559
Sep 08, 2009 12:46
Vote:
 

Bump.

Anyone found a solution to this?

I have faced many similar situations where one wants to list files (or pages in menus e.g) where the listings are public, but the actual file (or page) requires a logged in user. Of course we would like to make use of the ACL, but how avoid such System.UnauthorizedAccessException at first? Basically one would like to have something similar to "list but not read"-access. 

There must be some common way to deal with this? (not using ACL and checking access directly in code everywhere is not very nice..)

#35888
Edited, Jan 05, 2010 16:01
Vote:
 

Any solution to this? Would like to redirect the user to the login page instead of showing a Server Error...

#56536
Jan 25, 2012 15:26
Vote:
 

My solution to the problem was to create a common base page (inheriting EPiServer.TemplatePage) from which all my aspx-pages dervies. In this base page I override the GetPage(PageReference pageLink, ILanguageSelector selector) method.

In this method I manually fetch the Page object via DataFactory.Instance.GetPage(pageLink), that is, with out any restrictions. Then I fetch the required access for the page and compares that to the currently logged-in (or even unauthenticated) user and takes action depending on what roles are missing.

 

Not sure if this really is the best implementation, but it does the job for me. I can send you some more details if you want.

#56537
Edited, Jan 25, 2012 15:38
This topic was created over six months ago and has been resolved. If you have a similar question, please create a new topic and refer to this one.
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.