One if the requirements we see over and over again with both InstantForum.NET & InstantKB.NET is the ability for customers to restict access to all but the login & registration page for anonymous users. This is useful for example if you wish to enforce registration before users can view your forum or knowledgebase.
Thankfully this is quite straight-forward with both InstantForum.NET & InstantKB.NET and can be achieve by adding standard <authorization> tags to your web.config to restrict access to specific areas based on the role / member group the current user belongs to.
For example…
InstantForum.NET
Use the following code to restrict access to all but the login & register page for anonymous users within InstantForum.NET.
<!-- If we belong to one of the roles below allow access --> <location path=""> <location path=""> <system.web> <authorization> <allow roles="Administrators,Forum+Members,Moderators,Awaiting+Activation" /> <deny users="*" /> </authorization> </system.web> </location> <!-- Allow access for anonymous users only to login & register pages --> <location path="Register.aspx"> <system.web> <authorization> <allow users="*"/> </authorization> </system.web> </location> <location path="CaptchaImage.aspx"> <system.web> <authorization> <allow users="*"/> </authorization> </system.web> </location> <location path="ConfirmationMessage.aspx"> <system.web> <authorization> <allow users="*"/> </authorization> </system.web> </location> <location path="Logout.aspx"> <system.web> <authorization> <allow users="*"/> </authorization> </system.web> </location> <location path="Logon.aspx"> <system.web> <authorization> <allow users="*"/> </authorization> </system.web> </location>
InstantKB.NET
Use the following code to restrict access to all but the login & register page for anonymous users within InstantKB.NET.
<!-- If we belong to one of the roles below allow access --> <location path=""> <location path=""> <system.web> <authorization> <allow roles="Administrators,Registered+Members,Moderators+Staff,Awaiting+Activation" /> <deny users="*" /> </authorization> </system.web> </location> <!-- Allow access for anonymous users only to login & register pages --> <location path="Register.aspx"> <system.web> <authorization> <allow users="*"/> </authorization> </system.web> </location> <location path="CaptchaImage.aspx"> <system.web> <authorization> <allow users="*"/> </authorization> </system.web> </location> <location path="ConfirmationMessage.aspx"> <system.web> <authorization> <allow users="*"/> </authorization> </system.web> </location> <location path="Logout.aspx"> <system.web> <authorization> <allow users="*"/> </authorization> </system.web> </location> <location path="Logon.aspx"> <system.web> <authorization> <allow users="*"/> </authorization> </system.web> </location>
Where do I place this code?
You should add these tags just below the closing </appSettings> element within the web.config file.
I have defined custom groups how can I handle these?
You can add the name of any custom member group you create within InstantForum.NET or InstantKB.NET to the allow / deny roles element. For example lets say you create a member group called "Internal Staff" and you wanted to allow these access to all pages.
You would modify the allow roles element as shown below...
<allow roles="Internal+Staff,Administrators,Forum+Members,Moderators,Awaiting+Activation" />
Ensure you separate groups / roles with a comma and also use a plus "+" character to indicate a space within the group name.
The Default LoginURL
After applying the tags above any visitor who does not have access to a page will be redirected to the URL / location specified within the LoginURL attribute of the <forns> element. For example…
<authentication mode="Forms"> <forms name="InstantASP" loginUrl="Logon.aspx" protection="All" slidingExpiration="true" path="/" /> </authentication>
You can update the "loginUrl" to point to your own login page if you have one in place. Any user who then attempts to access a page they don't have permission to will be redirected to your login page.
If you leave this as default users will be redirected to the standard forum login.
Ensuring Roles Are Stored in Forms Authentication Cookie
To ensure InstantForum.NET & InstantKB.NET store the users roles within the forms authentication cookie you'll need to ensure the following application setting within the web.config is set to true…
<add key="InstantASP_StoreRolesInFormsAuthenticationTicket" value="True" />
Role checks will NOT work if "InstantASP_StoreRolesInFormsAuthenticationTicket" is set to false.
That's It!
You can apply these techniques to other pages within InstantForum.NET or InstantKB.NET. We hope this information helps. If it's helped you please rate the article below. As always if we can assist further don't hesitate to open a support ticket or contact us.
1999-2012 © InstantASP Ltd. |
Privacy Policy
InstantForum.NET 2012
InstantKB.NET 2011
Active Directory
Live Demos
Download
Purchase
InstantForum.NET Hosting
New Ticket
Documentation
Knowledgebase
Support Services
Support Plans
Contact Us
Community Forums
Our Blog
On Twitter
About Us
Our Customers
Customer Comments