R11 - Restricting Page-level access to specific groups
Posted: Fri Jan 08, 2016 5:45 am
I've created a page in the Admin section ( > Websites > Webpages ) and I want to restrict these pages to members of a group who have logged into the site.
I've tried updating the root web.config file with the appropriate "deny="*"" code, with the similar code from the admin web.config section as follows:
But this doesn't appear to adequately protect the page content.
1.) is it possible that since the location path is really not a physical page that this cannot work? If so can I call the path via the webpageID? In R11, we're required to have a URL defined for each webpage, so I would hope that we can call the specific URL.
2.) I'm using the "System" role in the code above just for testing purposes. I don't really want to add new roles to the DB as that's a manual process and I want to avoid making changes if possible.
Anyone have a tried and true method for actually securing page-level content (on a page created within the site)? I need to use this specific page, because the client needs to manage/update/edit the content through the built-in CMS.
Thanks!
I've tried updating the root web.config file with the appropriate "deny="*"" code, with the similar code from the admin web.config section as follows:
Code: Select all
<location path="MyPrivatePage.aspx">
<system.web>
<authorization>
<allow roles="System"/>
<deny users="*" />
</authorization>
</system.web>
</location>
1.) is it possible that since the location path is really not a physical page that this cannot work? If so can I call the path via the webpageID? In R11, we're required to have a URL defined for each webpage, so I would hope that we can call the specific URL.
2.) I'm using the "System" role in the code above just for testing purposes. I don't really want to add new roles to the DB as that's a manual process and I want to avoid making changes if possible.
Anyone have a tried and true method for actually securing page-level content (on a page created within the site)? I need to use this specific page, because the client needs to manage/update/edit the content through the built-in CMS.
Thanks!