Require login before viewing

[jguengerich]

I would like to require users to log in before they can view anything on the site. I found the following thread with instructions for modifying the web.config file:
viewtopic.php?f=42&t=7286&start=0
However, when I try that, I am taken to the login page, but it is basically just the text and links (see attachment).

Is there a different way to force logins now?

[AbleMods]

I tested the older post on a Gold R4 install today.

It worked for me when I added only this to web.config in the root of the site:

Code: Select all

<authorization>
         <deny users="?"/>
</authorization>

Immediately after the <system.web> tag.

I did not add the captcha related entries from that older post.

[jguengerich]

I tried it again and it worked the first time - sort of. My logo didn't show up, and clicking on the Wishlist button (top) or link (bottom) took me to the wish list screen instead of the login screen (I'm using the Wireframe theme). After I logged in and logged back out, I got the same screen I showed in my initial post. Closing the browser and opening it again didn't help. Trying other browsers and clearing the browser caches didn't help. Restarting the site didn't help.

Very strange.
Any other suggestions?

[AbleMods]

Hmm it seems Able Gold has implemented additional web.config files with folder-specific authorization settings.

You'll have to edit the /Members/Web.config file as well and change the

Code: Select all

        <allow users="*" />

to

Code: Select all

      <deny users="?"/>

That'll stop wishlist for rendering to anonymous users. But I don't know for certain if this overall concept is possible in Able Gold.

[jguengerich]

I think I might have figured it out.
I added

Code: Select all

<authorization>
  <deny users="?"/>
<authorization>

to the root web.config's system.web section.

I added a web.config to the App_Themes folder containing:

Code: Select all

<configuration>
  <system.web>
    <authorization>
      <allow users="*"/>
    </authorization>
  </system.web>
</configuration>

I modified the web.config in the Members folder to comment out the entire <location path="MyWishlist.aspx"> section.

Can anyone confirm that this is the "correct" way?

[NC Software]

You don't need a web.config in the App_Themes folder, you can allow the App_Themes using a Location attribute in the root web.config. But it is just another option, your way will work fine.

[Tea-Dev]

We are having the same issue. We have implemented having to login before seeing anything on the site but for some reason last week we are no longer able to serve images or css. Any ideas what we can look at?

THANKS

Code: Select all

<?xml version="1.0"?>
<!--
  For more information on how to configure your ASP.NET application, please visit
  http://go.microsoft.com/fwlink/?LinkId=169433
  -->
<configuration>
  <configSections>
    <section name="nhs-configuration" type="NHibernate.Search.Cfg.ConfigurationSectionHandler, NHibernate.Search" requirePermission="false"/>
    <section name="paypal" type="com.paypal.sdk.core.ConfigSectionHandler, paypal_base"/>  
  </configSections>
  <paypal configSource="App_Data\paypal.config"/>  
  <connectionStrings configSource="App_Data\database.config"/>
  <appSettings>
    <add key="ChartImageHandler" value="storage=file;timeout=5;"/>
    <add key="aspnet:MaxHttpCollectionKeys" value="1000"/>
  </appSettings>
  <nhs-configuration xmlns="urn:nhs-configuration-1.0">
    <search-factory>
      <property name="hibernate.search.analyzer">Lucene.Net.Analysis.Standard.StandardAnalyzer, Lucene.Net</property>
      <property name="hibernate.search.default.directory_provider">NHibernate.Search.Store.FSDirectoryProvider, NHibernate.Search</property>
      <property name="hibernate.search.default.indexBase">~/App_Data/Indexes</property>
      <property name="hibernate.search.default.locking_strategy">native</property>
    </search-factory>
  </nhs-configuration>

<system.web>
    <customErrors mode="Off" defaultRedirect="~/Errors/GeneralError.aspx">
      <error statusCode="404" redirect="~/Errors/PageNotFound.aspx"/>
    </customErrors>
    <trace enabled="false" requestLimit="100" pageOutput="false" localOnly="true" mostRecent="true"/>
    <compilation debug="false" strict="false" explicit="false" targetFramework="4.0">
      <expressionBuilders>
        <add expressionPrefix="Translate" type="CommerceBuilder.Localization.LanguageManager"/>
      </expressionBuilders>
    </compilation>
    <pages theme="Wireframe" enableEventValidation="false" validateRequest="false" clientIDMode="AutoID">
      <namespaces>
        <add namespace="CommerceBuilder.Catalog"/>
        <add namespace="CommerceBuilder.Common"/>
        <add namespace="CommerceBuilder.DigitalDelivery"/>
        <add namespace="CommerceBuilder.Extensions"/>
        <add namespace="CommerceBuilder.Licensing"/>
        <add namespace="CommerceBuilder.Messaging"/>
        <add namespace="CommerceBuilder.Marketing"/>
        <add namespace="CommerceBuilder.Orders"/>
        <add namespace="CommerceBuilder.Payments"/>
        <add namespace="CommerceBuilder.Payments.Providers"/>
        <add namespace="CommerceBuilder.Products"/>
        <add namespace="CommerceBuilder.Reporting"/>
        <add namespace="CommerceBuilder.Shipping"/>
        <add namespace="CommerceBuilder.Stores"/>
        <add namespace="CommerceBuilder.Taxes"/>
        <add namespace="CommerceBuilder.Taxes.Providers"/>
        <add namespace="CommerceBuilder.Users"/>
        <add namespace="CommerceBuilder.Utility"/>
        <add namespace="CommerceBuilder.Localization"/>
      </namespaces>
      <controls>
        <add tagPrefix="asp" assembly="System.Web.DataVisualization, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf38364e35" namespace="System.Web.UI.DataVisualization.Charting"/>
        <add tagPrefix="ajaxToolkit" assembly="AjaxControlToolkit" namespace="AjaxControlToolkit"/>
        <add tagPrefix="cb" namespace="CommerceBuilder.UI.WebControls" assembly="CommerceBuilder"/>
        <add tagPrefix="cb" namespace="CommerceBuilder.UI.WebControls" assembly="CommerceBuilder.UI"/>
      </controls>
    </pages>
    <authentication mode="Forms">
      <forms timeout="90" slidingExpiration="true" name="AC7.ASPXAUTH"/>
    </authentication>
    <sessionState mode="InProc" timeout="30" cookieName="AC7.SESSIONID"/>
    <siteMap defaultProvider="StoreSiteMap">
      <providers>
        <add name="StoreSiteMap" type="System.Web.XmlSiteMapProvider" siteMapFile="~/Web.sitemap"/>
      </providers>
    </siteMap>
    <membership defaultProvider="AbleCommerceMembershipProvider">
      <providers>
        <clear/>
        <add name="AbleCommerceMembershipProvider" connectionStringName="AbleCommerce" applicationName="/" type="CommerceBuilder.Users.AbleCommerceMembershipProvider"/>
      </providers>
    </membership>
    <profile enabled="false"/>
    <roleManager enabled="true" defaultProvider="AbleCommerceRoleProvider">
      <providers>
        <clear/>
        <add name="AbleCommerceRoleProvider" type="CommerceBuilder.Users.AbleCommerceRoleProvider" connectionStringName="AbleCommerce" applicationName="/"/>
      </providers>
    </roleManager>
    <httpModules>
      <add name="AbleCommerceHttpModule" type="CommerceBuilder.Services.HttpModule, CommerceBuilder.Licensing"/>
    </httpModules>
    <anonymousIdentification enabled="true" cookieName="AC7.ASPXANONYMOUS" cookieTimeout="1440"/>
    <httpRuntime maxRequestLength="4096" requestValidationMode="2.0"/>
    <globalization culture="en-US" uiCulture="en-US"/>
    

      <authorization>
      <deny users="?" />
      </authorization>


	
  </system.web>
  
  
    <location path="~/APP_Themes">
      <system.web>
        <authorization>
          <allow users="*" />
        </authorization>
      </system.web>
    </location>


<!--
<system.web>
      <authorization>
      <deny users="?" />
      <allow users="*" />
      </authorization>
</system.web>
-->	
	
  <system.webServer>
    <validation validateIntegratedModeConfiguration="false"/>
    <modules runAllManagedModulesForAllRequests="true">
      <add name="AbleCommerceWebApi" type="CommerceBuilder.WebApi.WebApiModule, CommerceBuilder.WebApi" preCondition="managedHandler"/>
      <add name="AbleCommerceHttpModule" type="CommerceBuilder.Services.HttpModule, CommerceBuilder.Licensing" preCondition="managedHandler"/>
    </modules>
    <handlers>
      <add name="ChartImg" verb="*" path="ChartImg.axd" type="System.Web.UI.DataVisualization.Charting.ChartHttpHandler, System.Web.DataVisualization, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf385364e35"/>
    </handlers>
  </system.webServer>
  <system.web.extensions>
    <scripting>
      <scriptResourceHandler enableCompression="true" enableCaching="true"/>
    </scripting>
  </system.web.extensions>
  <system.net>
    <settings>
      <httpWebRequest useUnsafeHeaderParsing="true"/>
    </settings>
  </system.net>
  <runtime>
    <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
      <dependentAssembly>
        <assemblyIdentity name="NHibernate" culture="neutral" publicKeyToken="aa95f20779b4" />
        <bindingRedirect newVersion="3.3.1.4001" oldVersion="0.0.0.0-3.3.1.4001" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="System.Web.Mvc" publicKeyToken="31bf3856ad364e35" culture="neutral" />
        <bindingRedirect oldVersion="0.0.0.0-4.0.0.0" newVersion="4.0.0.0" />
      </dependentAssembly>
    </assemblyBinding>
  </runtime>
</configuration>

[Tea-Dev]

resolved. permission issues to assets directory.

[jguengerich]

I also had to add the following to Mobile\web.config:

Code: Select all

  <location path="Login.aspx">
    <system.web>
      <authorization>
        <allow users="*" />
      </authorization>
    </system.web>
  </location>
  <location path="Logout.aspx">
    <system.web>
      <authorization>
        <allow users="*" />
      </authorization>
    </system.web>
  </location>