Hi, I had some subpage, which I wan't to be available only for logged in administratiors (redirecting back after login is nice to have feature and that also works)I already had working code, but I am wondering if there is a better way to do this, especially as I don't like the harcoded path `/Util/login.aspx?` to be there.
Tried googling that, with no success :/
var urlHelper = ServiceLocator.Current.GetInstance<UrlHelper>();
var friendlyUrl = urlHelper.ContentUrl(currentPage.PageLink);
I will appreciate any suggestions ;)
If you set the page permissions to not allow the everyone permission and only allow the groups you want access you'll not be able to see or access the page without logging in
Unless you have some strict requirements, I would just control the access rights on the page in the editor. There you can remove "Everyone" and "Authenticated" from the allowed users/groups. So you won't need to implement this logic in code.
However, keep in mind that access rights on a sub-tree be overwritten in Admin Mode. In which case such pages could theoretically be available.
Another way, if you want to control this in controller code, so it can never be inadvertently made public, is to decorate the controller with [Authorize(Roles="WebAdmins")]. Or any other roles you wish to support.
This will automatically handle the redirect logic that you were trying to implement in your sample.
Why not just decorate you controller and/or action with the [Authorize] attribute? The authorization middleware will handle the redirect autmotically for you. Otherwise you can just do return Challenge() to force a redirect.