SaaS CMS has officially launched! Learn more now.

Redirect to Epi login screen

Vote:
 

Hi, 
I had some subpage, which I wan't to be available only for logged in administratiors (redirecting back after login is nice to have feature and that also works)
I already had working code, but I am wondering if there is a better way to do this, especially as I don't like the harcoded path `/Util/login.aspx?` to be there.

Tried googling that, with no success :/

            if (!User.Identity.IsAuthenticated)
            {
                var urlHelper = ServiceLocator.Current.GetInstance<UrlHelper>();
                var friendlyUrl = urlHelper.ContentUrl(currentPage.PageLink);
                return Redirect($"~/Util/login.aspx?ReturnUrl={HttpUtility.UrlEncode(friendlyUrl)}");
            }

I will appreciate any suggestions ;) 

#306434
Aug 08, 2023 10:14
Vote:
 

If you set the page permissions to not allow the everyone permission and only allow the groups you want access you'll not be able to see or access the page without logging in

#306441
Aug 08, 2023 15:51
Vote:
 

Hi Matias

Unless you have some strict requirements, I would just control the access rights on the page in the editor. There you can remove "Everyone" and "Authenticated" from the allowed users/groups. So you won't need  to implement this logic in code.

However, keep in mind that access rights on a sub-tree be overwritten in Admin Mode. In which case such pages could theoretically be available.

#306443
Aug 08, 2023 16:04
Vote:
 

Another way, if you want to control this in controller code, so it can never be inadvertently made public, is to decorate the controller with [Authorize(Roles="WebAdmins")]. Or any other roles you wish to support.

This will automatically handle the redirect logic that you were trying to implement in your sample.

#306444
Edited, Aug 08, 2023 16:06
Vote:
 

Why not just decorate you controller and/or action with the [Authorize] attribute? The authorization middleware will handle the redirect autmotically for you. Otherwise you can just do return Challenge() to force a redirect.

#306445
Aug 08, 2023 16:08
This topic was created over six months ago and has been resolved. If you have a similar question, please create a new topic and refer to this one.
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.