Hallo,
i have created a web site with Asp.Net by using Sql Membership Provider, sitemap and security trimming enabled.
Based on these i have set web.config files into directories for allowing or not the users access according to their roles.
After some time i removed the MembershipProvider and i creted by hand the "standard" login procedure which cretaed a ticket and a authentication cookie and sets the GenericPrincipal into the Application_AuthenticateRequest.
The problem after these changes is that althought the sitemap displays the right pages for each different user according to his roles, when i click on this page the system redirects me to the "default.aspx" page such as the user is not allowed to enter that page!
It is strange that the sitemap and security trimming is working BUT actually i cannot enter the pages!!!!!
You can add users and roles with IIS management tool. This way you can avoid any typing error.
Related
I have a site that I'm trying to migrate into my Sitecore instance. The Sitecore instance has multiple sites. For the one site I'm trying to migrate over, there is a login page for external users to login. I'm validating this against an external database. This all works so far. My issue is that I need to prevent the external users from accessing certain pages without logging in(they should be redirected to the login page). The way that this was working when the site was outside of Sitecore was that there was forms authentication being done and when a page was trying to be accessed without the user being logged in the ReturnURL would be used to return the user to the proper page after login.
I'm not sure how to do this now that I have multiple sites inside of my sitecore instance.
Any suggestion?
This is not very different in Sitecore to how it was done before, except now you can control the security of which pages should be accessible by logged in users with the Sitecore Security Editor. There are a few pieces which you need to hook up in order to get this work properly though.
Have a read through these articles, they should provide everything you need to get this to work:
Implementing Sitecore Extranet login on a website
Setting Up a Sitecore Extranet (site seems to be down, view cached copy)
Set the value of <setting name="NoAccessUrl" value="/sitecore/service/noaccess.aspx" /> in web.config to your Login page (this can be an item in Sitecore) using a patch config and if a user tries to access a restricted page they will be redirected to this page, which will also include the return url parameter.
If you are using an external database to authenticate users then you will also need implement your own membership provider:
Sitecore authenticate users against external membership database
Sitecore Membership Providers
Be sure to correctly set the domain attribute of your <site> definition to whatever you set in domains.config and set as the providerName of your <provider> definition.
I am working on asp.net for my website. Actually my site have two types of roles admin and user. I saw in asp.net development site at create new wizard user have a selection for roles like admin and user but if a crazy user may select admin role though he is a normal user so how could i control the user role selection.
For my optionion you should not rely on the wizard which ships with asp.net.
You should have your own control over creating users.
I would start to look at the Membership api to see how to access it from source code, how to add roles and how to authenticate... this is basically how the wizard magic works...
http://www.asp.net/web-forms/videos/authentication
http://www.4guysfromrolla.com/articles/120705-1.aspx
http://msdn.microsoft.com/en-us/library/ff648345.aspx
HTH
I have a application on iis7 using anonymous authentication. I want to retrieve the LOGON_USER from the server variables. It is currently empty. Microsoft suggests how to populate the values of serer variables in this post.
But that is for iis5 & 6. How to do it in IIS7?
Actual problem I am trying to solve is: the application is for intranet and internet users and is a sitecore application running on iis7. If I use windows authentication, I get the domain and username and I can bypass login for intranet users, but for external users, i need to have anonymous authentication also. Having both together will not populate values in the server variables. Have been going through many posts. Also this which says to use Forms and windows authentication.
Not able to solve it properly.
Any help is appreciated.Thanks!!!
In order to track a user profile, the user will need an ASP.Net profile created.
There is programming involved to associate a Sitecore DMS/OMS visitor profile with an actual Asp.net profile. If you want to continue to track Sitecore user profile, you would have to use the Tracker.Visitor.ExternalUser and not iis to determine the current visitor on the internet site.
I have added the SQL Role Provider and SQL Membership Provider to an existing application and set the authentication mode to Windows. I have created roles, but I cannot add users.
In the Security Tab of Web Site Administration Tool, I search for my user name and get the following:
No users found for this search.
It is my expectation that the tool would search AD for users. Am I supposed to add users to the aspnet_Users table manually? Or is there some key configuration element I'm supposed to set in the Web.config?
Here is an article by Scott Gu on how to do what you want.
Forms authentication should be used in order to add users through the WebSite Administration Tool. WHen using Windows authentication new users must be added by creating a new account in ActiveDirectory on the domain.
I've built a new sharepoint site page using the example I found here:
Link
The purpose of the page is to add a new user to the aspnet membership database that serves as the authentication provider for my sharepoint site, which uses forms based authentication.
I've slightly customized the asp createuser control.
The sharepoint site is forms based but the top level site is accessible anonymously, and I've created a subsite for members (hence the user registration page). The site page is in the top level site so that people can register.
If I'm already logged in and fill out the form, the user is successfully added to the membership store, however if I access the page anonymously and fill out the form, the user is successfully added to the membership database, but I can no longer navigate the website, I keep getting http 500 page cannot be displayed errors until I clear the browser cache and cookies.
I don't think it's a programming error but more likely something to do with site security and authentication
Once the user is created successfully and page is redirected to the one you provided in ContinueDestinationPageUrl property, the page is being loaded with the recently created user’s credentials. Since you haven’t added this new user to your MOSS site, you’ll get Access Denied error. So, in order to resolve this issue, you need to set LoginCreatedUser property of the control to false, so that page is loaded with the original user’s credentials, not with the one’s recently created.