How does Umbraco secure it's internal CMS pages?

0
votes

I want to add a page to my Umbraco website that only users who are logged into the Umbraco back end will be able to access, but I haven't been able to figure out how Umbraco does it's authentication.

All that I've been able to figure out from debugging is that after I log in to Umbraco, I check HttpContext.Current.User.Identity.IsAuthenticated, it's false, so it's not doing authentication that way.

Does anyone know where I'd find the code where Umbraco does it's authentication checks and sends users back to the login screen if they're not logged in? I need to hook in to this and extend it to my new page.

ANSWER

Check umbraco.BusinessLogic.User.GetCurrent() to get the user currently logged in to the Umbraco back end.

2
authenticationumbraco

2 Answers

2
votes

Check out Umbraco's Public Access. This is the mechanism Umbraco uses to secure pages. Umbraco uses a separate membership table for Umbraco Users (back-end) and Umbraco Members (front-end), so you'll have to add the users in twice, if you're wanting the Users to access certain pages.

You'll need to create a login page with some login controls on it. You'll also need an "Error page" which is basically the page the user would be sent to if they were not authorized to view the requested page. Morten Bock Sørensen gives a good walk through for how to set this up in a blog post.

Alternatively, you could place the content you wish to secure in a dashboard in the back-end. You could even hook a user control into the dashboard that pulls the content in dynamically from a node.

2
votes

Found the answer. All you need to do is check umbraco.BusinessLogic.User.GetCurrent() to see if the user is logged in to the Umbraco back end.