November Happy Hour will be moved to Thursday December 5th.

EPiServer CurrentPrincipal Initialization

Vote:
 

Below is the following code I have for properly redirecting a user to an authenticated page   

string baseUrl = Request.Url.Scheme + "://" + Request.Url.Authority + Request.ApplicationPath.TrimEnd('/');
                UrlBuilder url = new UrlBuilder(baseUrl + returnUrl);
                
                object page;
                Global.UrlRewriteProvider.ConvertToInternal(url, out page);

                if (page != null && page is PageReference)
                {
                    // make sure EPiServer authenticates the user
                    if (!User.Identity.IsAuthenticated)
                        EPiServer.Security.PrincipalInfo.CurrentPrincipal = EPiServer.Security.PrincipalInfo.CreatePrincipal(mu.UserName);

                    PageReference reference = (PageReference)page;

                    if (reference.PageData().QueryAccess().Equals(AccessLevel.NoAccess))
                    {
                        string URL = string.IsNullOrEmpty(XavierPortalConstants.ErrorPage) ? "\\" : XavierPortalConstants.ErrorPage;
                        URL += "?" + XavierPortalConstants.ErrorCode + "=" + XavierPortalConstants.ErrorCode609;
                        Server.Transfer(URL);
                    }
                }

For the bolded text, is this the best way to initialize the current principal or does anyone see this as any foreseeable issues with this approach? I ask because once logged in, the current user isn't recognized as being authenticated and I need that information on the login page to check if that user has the access to the page that they are getting redirected to. All suggestions welcomed.

#62345
Oct 22, 2012 17:51
Vote:
 

Im not sure I understand what your after but

Why don't you just let the user login. In the login page you hook up to the logincontrols loggedin event. There you can perform your user right check and do any custom redirects.

But if you have user click on a link like http://www.yoursite.com/securefolder/cms/util/login.aspx?returnurl=/path/to/page and the user doesn't have access to the page episerver will throw an error and show an error page.

If you google a bit you will find information on how to setup your own custom error pages in episerver.

 

#62348
Oct 22, 2012 21:22
Vote:
 

Thanks. I will take that into consideration.

#62490
Oct 25, 2012 19:07
This thread is locked and should be used for reference only. Please use the Episerver CMS 7 and earlier versions forum to open new discussions.
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.