Page 1 of 1
Require login before viewing
Posted: Tue May 07, 2013 2:45 pm
by jguengerich
I would like to require users to log in before they can view anything on the site. I found the following thread with instructions for modifying the web.config file:
viewtopic.php?f=42&t=7286&start=0
However, when I try that, I am taken to the login page, but it is basically just the text and links (see attachment).
Is there a different way to force logins now?
Re: Require login before viewing
Posted: Fri May 10, 2013 2:46 pm
by AbleMods
I tested the older post on a Gold R4 install today.
It worked for me when I added only this to web.config in the root of the site:
Code: Select all
<authorization>
<deny users="?"/>
</authorization>
Immediately after the <system.web> tag.
I did not add the captcha related entries from that older post.
Re: Require login before viewing
Posted: Fri May 10, 2013 3:18 pm
by jguengerich
I tried it again and it worked the first time - sort of. My logo didn't show up, and clicking on the Wishlist button (top) or link (bottom) took me to the wish list screen instead of the login screen (I'm using the Wireframe theme). After I logged in and logged back out, I got the same screen I showed in my initial post. Closing the browser and opening it again didn't help. Trying other browsers and clearing the browser caches didn't help. Restarting the site didn't help.
Very strange.
Any other suggestions?
Re: Require login before viewing
Posted: Fri May 10, 2013 3:47 pm
by AbleMods
Hmm it seems Able Gold has implemented additional web.config files with folder-specific authorization settings.
You'll have to edit the /Members/Web.config file as well and change the
to
That'll stop wishlist for rendering to anonymous users. But I don't know for certain if this overall concept is possible in Able Gold.
Re: Require login before viewing
Posted: Tue May 14, 2013 4:01 pm
by jguengerich
I think I might have figured it out.
I added
Code: Select all
<authorization>
<deny users="?"/>
<authorization>
to the root web.config's system.web section.
I added a web.config to the App_Themes folder containing:
Code: Select all
<configuration>
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</configuration>
I modified the web.config in the Members folder to comment out the entire <location path="MyWishlist.aspx"> section.
Can anyone confirm that this is the "correct" way?
Re: Require login before viewing
Posted: Tue May 14, 2013 6:10 pm
by NC Software
You don't need a web.config in the App_Themes folder, you can allow the App_Themes using a Location attribute in the root web.config. But it is just another option, your way will work fine.
Re: Require login before viewing
Posted: Fri May 17, 2013 7:32 pm
by Tea-Dev
We are having the same issue. We have implemented having to login before seeing anything on the site but for some reason last week we are no longer able to serve images or css. Any ideas what we can look at?
THANKS
Code: Select all
<?xml version="1.0"?>
<!--
For more information on how to configure your ASP.NET application, please visit
http://go.microsoft.com/fwlink/?LinkId=169433
-->
<configuration>
<configSections>
<section name="nhs-configuration" type="NHibernate.Search.Cfg.ConfigurationSectionHandler, NHibernate.Search" requirePermission="false"/>
<section name="paypal" type="com.paypal.sdk.core.ConfigSectionHandler, paypal_base"/>
</configSections>
<paypal configSource="App_Data\paypal.config"/>
<connectionStrings configSource="App_Data\database.config"/>
<appSettings>
<add key="ChartImageHandler" value="storage=file;timeout=5;"/>
<add key="aspnet:MaxHttpCollectionKeys" value="1000"/>
</appSettings>
<nhs-configuration xmlns="urn:nhs-configuration-1.0">
<search-factory>
<property name="hibernate.search.analyzer">Lucene.Net.Analysis.Standard.StandardAnalyzer, Lucene.Net</property>
<property name="hibernate.search.default.directory_provider">NHibernate.Search.Store.FSDirectoryProvider, NHibernate.Search</property>
<property name="hibernate.search.default.indexBase">~/App_Data/Indexes</property>
<property name="hibernate.search.default.locking_strategy">native</property>
</search-factory>
</nhs-configuration>
<system.web>
<customErrors mode="Off" defaultRedirect="~/Errors/GeneralError.aspx">
<error statusCode="404" redirect="~/Errors/PageNotFound.aspx"/>
</customErrors>
<trace enabled="false" requestLimit="100" pageOutput="false" localOnly="true" mostRecent="true"/>
<compilation debug="false" strict="false" explicit="false" targetFramework="4.0">
<expressionBuilders>
<add expressionPrefix="Translate" type="CommerceBuilder.Localization.LanguageManager"/>
</expressionBuilders>
</compilation>
<pages theme="Wireframe" enableEventValidation="false" validateRequest="false" clientIDMode="AutoID">
<namespaces>
<add namespace="CommerceBuilder.Catalog"/>
<add namespace="CommerceBuilder.Common"/>
<add namespace="CommerceBuilder.DigitalDelivery"/>
<add namespace="CommerceBuilder.Extensions"/>
<add namespace="CommerceBuilder.Licensing"/>
<add namespace="CommerceBuilder.Messaging"/>
<add namespace="CommerceBuilder.Marketing"/>
<add namespace="CommerceBuilder.Orders"/>
<add namespace="CommerceBuilder.Payments"/>
<add namespace="CommerceBuilder.Payments.Providers"/>
<add namespace="CommerceBuilder.Products"/>
<add namespace="CommerceBuilder.Reporting"/>
<add namespace="CommerceBuilder.Shipping"/>
<add namespace="CommerceBuilder.Stores"/>
<add namespace="CommerceBuilder.Taxes"/>
<add namespace="CommerceBuilder.Taxes.Providers"/>
<add namespace="CommerceBuilder.Users"/>
<add namespace="CommerceBuilder.Utility"/>
<add namespace="CommerceBuilder.Localization"/>
</namespaces>
<controls>
<add tagPrefix="asp" assembly="System.Web.DataVisualization, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf38364e35" namespace="System.Web.UI.DataVisualization.Charting"/>
<add tagPrefix="ajaxToolkit" assembly="AjaxControlToolkit" namespace="AjaxControlToolkit"/>
<add tagPrefix="cb" namespace="CommerceBuilder.UI.WebControls" assembly="CommerceBuilder"/>
<add tagPrefix="cb" namespace="CommerceBuilder.UI.WebControls" assembly="CommerceBuilder.UI"/>
</controls>
</pages>
<authentication mode="Forms">
<forms timeout="90" slidingExpiration="true" name="AC7.ASPXAUTH"/>
</authentication>
<sessionState mode="InProc" timeout="30" cookieName="AC7.SESSIONID"/>
<siteMap defaultProvider="StoreSiteMap">
<providers>
<add name="StoreSiteMap" type="System.Web.XmlSiteMapProvider" siteMapFile="~/Web.sitemap"/>
</providers>
</siteMap>
<membership defaultProvider="AbleCommerceMembershipProvider">
<providers>
<clear/>
<add name="AbleCommerceMembershipProvider" connectionStringName="AbleCommerce" applicationName="/" type="CommerceBuilder.Users.AbleCommerceMembershipProvider"/>
</providers>
</membership>
<profile enabled="false"/>
<roleManager enabled="true" defaultProvider="AbleCommerceRoleProvider">
<providers>
<clear/>
<add name="AbleCommerceRoleProvider" type="CommerceBuilder.Users.AbleCommerceRoleProvider" connectionStringName="AbleCommerce" applicationName="/"/>
</providers>
</roleManager>
<httpModules>
<add name="AbleCommerceHttpModule" type="CommerceBuilder.Services.HttpModule, CommerceBuilder.Licensing"/>
</httpModules>
<anonymousIdentification enabled="true" cookieName="AC7.ASPXANONYMOUS" cookieTimeout="1440"/>
<httpRuntime maxRequestLength="4096" requestValidationMode="2.0"/>
<globalization culture="en-US" uiCulture="en-US"/>
<authorization>
<deny users="?" />
</authorization>
</system.web>
<location path="~/APP_Themes">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
<!--
<system.web>
<authorization>
<deny users="?" />
<allow users="*" />
</authorization>
</system.web>
-->
<system.webServer>
<validation validateIntegratedModeConfiguration="false"/>
<modules runAllManagedModulesForAllRequests="true">
<add name="AbleCommerceWebApi" type="CommerceBuilder.WebApi.WebApiModule, CommerceBuilder.WebApi" preCondition="managedHandler"/>
<add name="AbleCommerceHttpModule" type="CommerceBuilder.Services.HttpModule, CommerceBuilder.Licensing" preCondition="managedHandler"/>
</modules>
<handlers>
<add name="ChartImg" verb="*" path="ChartImg.axd" type="System.Web.UI.DataVisualization.Charting.ChartHttpHandler, System.Web.DataVisualization, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf385364e35"/>
</handlers>
</system.webServer>
<system.web.extensions>
<scripting>
<scriptResourceHandler enableCompression="true" enableCaching="true"/>
</scripting>
</system.web.extensions>
<system.net>
<settings>
<httpWebRequest useUnsafeHeaderParsing="true"/>
</settings>
</system.net>
<runtime>
<assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
<dependentAssembly>
<assemblyIdentity name="NHibernate" culture="neutral" publicKeyToken="aa95f20779b4" />
<bindingRedirect newVersion="3.3.1.4001" oldVersion="0.0.0.0-3.3.1.4001" />
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="System.Web.Mvc" publicKeyToken="31bf3856ad364e35" culture="neutral" />
<bindingRedirect oldVersion="0.0.0.0-4.0.0.0" newVersion="4.0.0.0" />
</dependentAssembly>
</assemblyBinding>
</runtime>
</configuration>
Re: Require login before viewing
Posted: Sat May 18, 2013 5:25 pm
by Tea-Dev
resolved. permission issues to assets directory.
Re: Require login before viewing
Posted: Thu Jul 11, 2013 9:14 am
by jguengerich
I also had to add the following to Mobile\web.config:
Code: Select all
<location path="Login.aspx">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
<location path="Logout.aspx">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>