Umbraco authentication using .Net Forms for users and members

2
votes

I've set up permissions using .Net Forms Authentication which works perfectly for Umbraco Members:

<!-- Public access permissions -->
<location path="scripts"><system.web><authorization><allow users="?"/></authorization></system.web></location>
<location path="images"><system.web><authorization><allow users="?"/></authorization></system.web></location>
<location path="css"><system.web><authorization><allow users="?"/></authorization></system.web></location>
<location path="umbraco"><system.web><authorization><allow users="?"/></authorization></system.web></location>

<system.web>
  <authentication mode="Forms">
    <forms name="yourAuthCookie" loginUrl="login.aspx" protection="All" path="/" />
  </authentication>
  <authorization>
      <deny users="?"/>
  </authorization>
</system.web>

So members will not be able to access the site unless they authenticate themselves, except for scripts and styles so the login page can be seen properly.

The problem comes when I try to validate users (which in Umbraco means the users using the CMS, not the ones just visiting the site). I have tried to let the umbraco/ folder open and the umbraco/login.aspx etc. but it doesn't display the cms properly.

All this seems to be due to not being authenticated, as if I log in as a member, and then I log in as a User, it will display everything perfectly. Instead, if I only log in as a User, most of the things are not seen at all.

What am I doing wrong?

Thanks.

2
.netforms-authenticationumbraco

2 Answers

2
votes

I think you're approaching this from the wrong angle. You can control public access via the Umbraco UI - there is no need to modify the web.config.

  1. Make sure you have setup at least one member group
  2. Right-click on your "Home" node and select "Public Access"
  3. Choose "Role based protection" from the available options
  4. Pick the member groups (Roles) which are permitted access to your site following successful authentication.
  5. Pick your login and error pages and hit update.

The following video should help demonstrate the basic steps required in order to achieve what you are asking:

http://umbraco.com/help-and-support/video-tutorials/umbraco-fundamentals/members/role-based-protection/TVPlayer

0
votes

As no one is answering I'm going to say that I've found that adding these folders to the ones I had open to public seems to do the trick pretty well at the moment, maybe I will need to add something else in future but it seems to be working:

<location path="umbraco"><system.web><authorization><allow users="?"/></authorization></system.web></location>
<location path="umbraco_client"><system.web><authorization><allow users="?"/></authorization></system.web></location>
<location path="DependencyHandler.axd"><system.web><authorization><allow users="?"/></authorization></system.web></location>

I've added umbraco's folders and a virtual file named DependencyHandler.axd in the root.

Though, if anyone knows a better solution don't hesitate to show it off, please.