This is just a matter of setting the correct access permissions.

If you don't want this user to be able to access editor / admin mode, then ensure they aren't members of the WebEditor or WebAdmin groups.

To allow that user to see an unpublished page

1. Create a new group / role (for example "ViewUnpublishedPages")
2. Add that user to a group /role. If you want all users to have access then you could use a VirtualRole
3. Add specific access rights for that group to which ever page or branch you wish for them to view. They should have Read + (any of the other available rights). I chose to use create
4. This means that this user griup now will have the required permission to view an unpublished page on the relevant url

Got it! I was doing exactly that, except the group I was adding to was added to the roles allowed within edit mode within the web.config! Created a new group without that, and it works correctly - Thanks for the prompt Mark!

Actually, this required a tiny bit of extra work. I enabled read permissions within the admin panel, but it still triggered the accessdenied event, so I over-rode it with my own permission check.

Hey Karl - glad you got it working.

You shouldn't need to override the permission check on the template to achieve this - this means that you'll end up coupling your template with the specific group that you've given access to. Not a major problem mind, but a small code smell :)

Just to check - you need to enable Read + any other permission in Admin mode (I set the Create permission earlier). The 'Read' permission gives just the ability to view the published page. The other permissions gives the right to view (and edit if you also had the required access to the edit ui) an unpublished page.