SaaS CMS has officially launched! Learn more now.

Visitors get redirected to EPi login page when visiting expired page

Vote:
 

When a page has expired (meaning its date to stop publishing it has passed) and a user visits it (perhaps had it bookmarked) they get redirected to the hidden EPiServer login page.

This can't be right? How can debug (if necessary?) and change so the visitors get a 404 page?

#76400
Oct 24, 2013 7:36
Vote:
 

This is by design.

I recommend that you have a look at PageBase and EPiServer.Global using a tool like the dot net reflector.

You can override the default behaivour in your templates by creating an override for the virtual method AccessDenied() on your Page Tempalte. You may also want to override HandleAccessDenied() in your Global.asax.cs file.

The actual load of a PageData object and the security check that triggers access denied is implemented in the method PageBase.GetPage().

#76437
Oct 24, 2013 14:54
Vote:
 

Hi,

As Fredrik already mentioned, the easiest way is to override AccessDenied() in your templates or base class for your templates.

 

public override void AccessDenied()
{
    // Important! Do not access CurrentPage directly with an anonymous user
    PageData currentPage = DataFactory.Instance.GetPage(this.CurrentPageLink);

    if (!this.IsEditOrPreviewMode && (!currentPage.CheckPublishedStatus(PagePublishedStatus.Published) || currentPage.IsDeleted))
    {
        Response.Status = "404 Not Found";
        Response.StatusCode = 404;
        Response.End();
    }

    base.AccessDenied();
}

    

#76456
Oct 24, 2013 17:55
Vote:
 

Johan, what do you mean with that code comment?

#76459
Oct 24, 2013 21:14
Vote:
 

The code is an example of how you can change the default behavior of access denied. Add the override to your TemplatePage sub class. 

#76460
Oct 24, 2013 21:55
Vote:
 

Johan: With the code above you will send a 404 to the user instead of redirecting them to the login page. You can also configure a custom 404 page in web.config.

 

The IsEditOrPreviewMode property is a custom implementation to check wether the user is in edit mode or not.

#76461
Oct 24, 2013 23:00
Vote:
 

Or do you mean "Important! Do not access CurrentPage directly with an anonymous user"? If you just query the CurrentPage property you will get an infinite loop of calls to the AccessDenied() method. But it's safe to use CurrentPageLink and then get the page directly from DataFactory.

#76462
Edited, Oct 24, 2013 23:03
Vote:
 

Sorry for the confusion, I meant what this comment - "// Important! Do not access CurrentPage directly with an anonymous user" means?

And thanks for pointing out that IsEditOrPreviewMode is custom, I had trouble finding it. :)

Now to find out how to make one of those.

#76463
Oct 24, 2013 23:04
Vote:
 

Johan Petersson - I'm trying out your code example and after Request.End(); the user is just seeing a white blank page and not getting sent to the 404 page specified in web.config.

Am I missing something in the application code perhaps?

#76518
Oct 28, 2013 9:20
Vote:
 

Can you paste custom errors section from web.config? Also there is a nice plugin for handling 404 and other errors: either from epicode or Geta - later handles page renames and such :).

#76562
Oct 28, 2013 23:39
Vote:
 

You will need booth customError and httpErrors in web.config.

<system.web>
	<customErrors defaultRedirect="/Error.aspx" mode="Off" redirectMode="ResponseRewrite">
		<error statusCode="404" redirect="/NotFound.aspx" />
		<error statusCode="500" redirect="/Error.aspx" />
	</customErrors>
</system.web>
...
<system.webServer>
	<httpErrors errorMode="Detailed">
		<remove statusCode="404" />
		<error statusCode="404" path="/NotFound.aspx" responseMode="ExecuteURL" />
		<remove statusCode="500" />
		<error statusCode="500" path="/Error.aspx" responseMode="ExecuteURL" />
	</httpErrors>
</system.webServer>

    

#76563
Oct 28, 2013 23:46
Vote:
 

This application is running on IIS6 so system.webServer isn't used. Is that a requirement?

#76567
Oct 29, 2013 7:48
Vote:
 

Hi,

I am trying to implement visitor registration and login for the front end. These visitors will only have access to the front end.

Can you suggests some reference links to achieve this.

Thanks
Pankaj

#118617
Mar 11, 2015 7:21
This thread is locked and should be used for reference only. Please use the Episerver CMS 7 and earlier versions forum to open new discussions.
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.