Not logged in, no access



We have a problem/qustion, that we dont really understand:

* We have an Epi page ( inherits from Episerver.TemplatePage )

* We have overridden : public override void AccessDenied() to do nothing at all:


* When the current user is not logged in at all, there seems to be no problems, no exception is thrown

* When the user is logged in, but have no rights on that page, this throws an exception ( this exception is thrown when trying to execute/access : base.OnInit(e);, but we have also found out that it throws an exception when, for ex trying to access CurrentPage )

In our opinion, those two scenarios should behave in the sam way ?!

Is this an Episerver bug, or is it a correct behavior, if so; why ?

We have found some pretty ugly ways to solve this, but it would be great if someone explained ?

What we are trying to accomplish is:

The user/client is trying to access a page that he/she does not have access to, we want them to stay on the same page ( but display different content ).







Jan 18, 2010 10:39

The reason lies withing PageData.GetPage() that throws an AccessDeniedException if you are authenticated.

It is virtual so you can probably patch the problem by overriding GetPage() in addition to AccessDenied().

public virtual PageData GetPage(PageReference pageLink)
    if (this.IsDesignMode)
        return new PageData();
    PageData page = DataFactory.Instance.GetPage(pageLink);
    AccessLevel access = (pageLink.ID == this.CurrentPageLink.ID) ? this.RequiredAccess() : AccessLevel.Read;
    if (!page.GetSecurityDescriptor().HasAccess(PrincipalInfo.CurrentPrincipal, access))
        if (PrincipalInfo.CurrentPrincipal.Identity.IsAuthenticated)
            throw new AccessDeniedException();
    return page;
Edited, Jan 19, 2010 10:06
This thread is locked and should be used for reference only. Please use the Episerver CMS 7 and earlier versions forum to open new discussions.
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.