Page Permissions Redirecting to CMS Log in

Upgraded Epi to use Identity/Owin and it's been pretty smooth sailing.

One issue we've come across: if we manage page visibility and set specific groups to view once a user has registered and logged in (not CMS), and you have the page link but aren't part of that group, you get redirected to the CMS login page.

From this post:

https://world.episerver.com/forum/developer-forum/-Episerver-75-CMS/Thread-Container/2014/3/Members-area-restrict-pages/

It suggests changing the forms URL to the members page, but the knock-on effect would be that admin/CMS users who try to go to /episerver (or whatever is configured) would be redirected to our customer login and would instead have to go directly to /util/login.aspx.

Is there a best of both worlds here, where we can keep the CMS users going to /episerver (or whatever is configured) but also make sure customers are redirected correctly?

I was thinking that maybe some type of Owin configuration could handle it and the routing, but I haven't come across anything like that.

#226564
Aug 14, 2020 17:11
We had something similar up in this forum post. You could try to solve it by intercepting the default handler.

In your case you could check whether the user is authenticated and has no roles. If that is true, then the user must have come here because of missing rights, not missing authentication. So you can redirect or rewrite to a different page and skip the default handling (which triggers OWIN to attempt authentication).

#226588
Aug 15, 2020 8:22
Any direction on how to implement our own EPiServer.Web.IAccessDeniedHandler? Inheriting it doesn't seem to pick it up.

#226689
Aug 18, 2020 15:42
You would need to intercept the implementation, like documented here.

Basically you create your own additional logic and return from the method if you handle it. If your method does not handle the scenario, then you call the default implementation and let it do its job (as a fallback).

#226690
Aug 18, 2020 15:46
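
The handler logic described in the two replies above, written out as an added example (not code from this thread or from Episerver). It assumes the class is wired in by intercepting `IAccessDeniedHandler` so that it receives the default implementation; the role names and the `/members/access-denied/` URL are assumptions for illustration, and it tests for "not a CMS role" rather than "no roles" so that members who belong to other customer groups are covered too.

```csharp
using System.Linq;
using System.Web;
using EPiServer.Web;

// Added example: wraps the default IAccessDeniedHandler so that signed-in
// site members who lack access are not sent to the CMS login page.
public class MemberAccessDeniedHandler : IAccessDeniedHandler
{
    // Assumption: roles that identify a CMS editor/admin account on this site.
    private static readonly string[] CmsRoles = { "WebEditors", "WebAdmins", "Administrators" };

    // Hypothetical fixed, site-local page shown to members without access.
    private const string MemberAccessDeniedUrl = "/members/access-denied/";

    private readonly IAccessDeniedHandler _defaultHandler;

    public MemberAccessDeniedHandler(IAccessDeniedHandler defaultHandler)
    {
        _defaultHandler = defaultHandler;
    }

    public void AccessDenied(HttpContextBase context)
    {
        var user = context.User;
        bool signedIn = user?.Identity != null && user.Identity.IsAuthenticated;

        // Authenticated but not a CMS account: the denial is about missing
        // rights, not missing authentication, so a login prompt is the wrong answer.
        if (signedIn && !CmsRoles.Any(user.IsInRole))
        {
            // Constant target only. Building it from request data
            // (query string, Referer) would create an open redirect.
            context.Response.Redirect(MemberAccessDeniedUrl, endResponse: true);
            return;
        }

        // Anonymous visitors and CMS users keep the stock behaviour (fallback).
        _defaultHandler.AccessDenied(context);
    }
}
```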
So I implemented it as so:

    public void ConfigureContainer(ServiceConfigurationContext context)
    {
        var container = context.StructureMap();
        var services = context.Services;
        services.Intercept<IAccessDeniedHandler>((locator, defaultCache) => new RoutingExtension(defaultCache));
        //
        //
        //
    }

Set up my own:

    [ServiceConfiguration(ServiceType = typeof(IAccessDeniedHandler))]
    public class RoutingExtension : IAccessDeniedHandler
    {
        private IAccessDeniedHandler _defaultCache;

        public RoutingExtension(IAccessDeniedHandler defaultCache)
        {
            this._defaultCache = defaultCache;
        }

        public void AccessDenied(HttpContextBase context)
        {
            var a = context.User;
        }
    }

But the AccessDenied method is never hit?

#226691
Aug 18, 2020 16:27