Menu

Search

InstantASP Support

Help & Support


How to restict / force login for InstantForum or InstantKB


Common Questios

One if the requirements we see over and over again with both InstantForum & InstantKB is the ability for customers to restrict access to all but the login & registration page for anonymous users. This is useful for example if you wish to enforce registration before users can view your forum or knowledgebase.

Thankfully this is quite straight-forward with both InstantForum & InstantKB and can be achieve by adding standard <authorization> tags to your web.config to restrict access to specific areas based on the role / member group the current user belongs to.

For greater control you may consider a code based approach to restricting access. For further information please see Limit InstantForum Access to Only Logged In Users.

InstantForum

Use the following code to restrict access to all but the login & register page for anonymous users within InstantForum.

<!-- If we belong to one of the roles below allow access -->

<location path="">
<location path="">
<system.web>
<authorization>
<allow roles="Administrators,Forum+Members,Moderators,Awaiting+Activation" />
<deny users="*" />
</authorization>
</system.web>
</location>

<!-- Allow access for anonymous users only to login & register pages -->

<location path="Register.aspx">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>

<location path="CaptchaImage.aspx">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>

<location path="ConfirmationMessage.aspx">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>

<location path="Logout.aspx">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>

<location path="Logon.aspx">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>

InstantKB

Use the following code to restrict access to all but the login & register page for anonymous users within InstantKB.

<!-- If we belong to one of the roles below allow access -->

<location path="">
<location path="">
<system.web>
<authorization>
<allow roles="Administrators,Registered+Members,Moderators+Staff,Awaiting+Activation" />
<deny users="*" />
</authorization>
</system.web>
</location>

<!-- Allow access for anonymous users only to login & register pages -->

<location path="Register.aspx">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>

<location path="CaptchaImage.aspx">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>

<location path="ConfirmationMessage.aspx">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>

<location path="Logout.aspx">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>

<location path="Logon.aspx">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>

Where do I place this code?

You should add these tags just below the closing </appSettings> element within the web.config file.

I have defined custom groups how can I handle these?

You can add the name of any custom member group you create within InstantForum or InstantKB to the allow / deny roles element. For example lets say you create a member group called "Internal Staff" and you wanted to allow these access to all pages.

You would modify the allow roles element as shown below...

<allow roles="Internal+Staff,Administrators,Forum+Members,Moderators,Awaiting+Activation" />

Ensure you separate groups / roles with a comma and also use a plus "+" character to indicate a space within the group name.

The Default LoginURL

After applying the tags above any visitor who does not have access to a page will be redirected to the URL / location specified within the LoginURL attribute of the <forns> element. For example…

<authentication mode="Forms">
<forms name="InstantASP" loginUrl="Logon.aspx" protection="All" slidingExpiration="true" path="/" />
</authentication>

You can update the "loginUrl" to point to your own login page if you have one in place. Any user who then attempts to access a page they don't have permission to will be redirected to your login page.<

If you leave this as default users will be redirected to the standard forum login.

Ensuring Roles Are Stored in Forms Authentication Cookie

To ensure InstantForum & InstantKB store the users roles within the forms authentication cookie you'll need to ensure the following application setting within the web.config is set to true…

<add key="InstantASP_StoreRolesInFormsAuthenticationTicket" value="True" />

Role checks will NOT work if "InstantASP_StoreRolesInFormsAuthenticationTicket" is set to false.

That's It!

You can apply these techniques to other pages within InstantForum or InstantKB. We hope this information helps. If it's helped you please rate the article below. As always if we can assist further don't hesitate to open a support ticket or contact us.


Related Links



Optionally provide private feedback to help us improve this article...

Thank you for your feedback!


Comments

Member Photo
0
ivan.eivf posted 5 Years Ago
New Member with 6 recognition pointsNew Member with 6 recognition pointsNew Member with 6 recognition pointsNew Member with 6 recognition pointsNew Member with 6 recognition pointsNew Member with 6 recognition pointsNew Member with 6 recognition pointsNew Member with 6 recognition points
<span style="color: #666666; font-family: Arial, Verdana, Tahoma; font-size: 13px; line-height: 24px; background-color: #f9fdff;">This does not work.</span><br />
Member Photo
0
rockonmom posted 7 Years Ago
New Member with 3 recognition pointsNew Member with 3 recognition pointsNew Member with 3 recognition pointsNew Member with 3 recognition pointsNew Member with 3 recognition pointsNew Member with 3 recognition pointsNew Member with 3 recognition pointsNew Member with 3 recognition points
This does not work.

Comments require login or registration.

Details

Product: InstantKB, InstantForum
Version: All Versions
Type: HOWTO
Level: Beginner
Article not rated yet.
Article has been viewed 13K times.
Last Modified: 2 Years Ago
Last Modified By: Ryan Healey

Options

Similar Articles


Tags