When a page has expired (meaning its date to stop publishing it has passed) and a user visits it (perhaps had it bookmarked) they get redirected to the hidden EPiServer login page.
This can't be right? How can debug (if necessary?) and change so the visitors get a 404 page?
This is by design.
I recommend that you have a look at PageBase and EPiServer.Global using a tool like the dot net reflector.
You can override the default behaivour in your templates by creating an override for the virtual method AccessDenied() on your Page Tempalte. You may also want to override HandleAccessDenied() in your Global.asax.cs file.
The actual load of a PageData object and the security check that triggers access denied is implemented in the method PageBase.GetPage().
As Fredrik already mentioned, the easiest way is to override AccessDenied() in your templates or base class for your templates.
public override void AccessDenied()
// Important! Do not access CurrentPage directly with an anonymous user
PageData currentPage = DataFactory.Instance.GetPage(this.CurrentPageLink);
if (!this.IsEditOrPreviewMode && (!currentPage.CheckPublishedStatus(PagePublishedStatus.Published) || currentPage.IsDeleted))
Response.Status = "404 Not Found";
Response.StatusCode = 404;
Johan, what do you mean with that code comment?
The code is an example of how you can change the default behavior of access denied. Add the override to your TemplatePage sub class.
Johan: With the code above you will send a 404 to the user instead of redirecting them to the login page. You can also configure a custom 404 page in web.config.
The IsEditOrPreviewMode property is a custom implementation to check wether the user is in edit mode or not.
Or do you mean "Important! Do not access CurrentPage directly with an anonymous user"? If you just query the CurrentPage property you will get an infinite loop of calls to the AccessDenied() method. But it's safe to use CurrentPageLink and then get the page directly from DataFactory.
Sorry for the confusion, I meant what this comment - "// Important! Do not access CurrentPage directly with an anonymous user" means?
And thanks for pointing out that IsEditOrPreviewMode is custom, I had trouble finding it. :)
Now to find out how to make one of those.
Johan Petersson - I'm trying out your code example and after Request.End(); the user is just seeing a white blank page and not getting sent to the 404 page specified in web.config.
Am I missing something in the application code perhaps?
Can you paste custom errors section from web.config? Also there is a nice plugin for handling 404 and other errors: either from epicode or Geta - later handles page renames and such :).
You will need booth customError and httpErrors in web.config.
<customErrors defaultRedirect="/Error.aspx" mode="Off" redirectMode="ResponseRewrite">
<error statusCode="404" redirect="/NotFound.aspx" />
<error statusCode="500" redirect="/Error.aspx" />
<remove statusCode="404" />
<error statusCode="404" path="/NotFound.aspx" responseMode="ExecuteURL" />
<remove statusCode="500" />
<error statusCode="500" path="/Error.aspx" responseMode="ExecuteURL" />
This application is running on IIS6 so system.webServer isn't used. Is that a requirement?
I am trying to implement visitor registration and login for the front end. These visitors will only have access to the front end.
Can you suggests some reference links to achieve this.