Secure your page using Sitecore Login

Challenge:

Have you ever noticed that when you access the Sitecore Admin Pages, you are asked for a Sitecore login, as shown below? (If you are new to the Sitecore Admin Pages and not aware of them, I would strongly recommend this post; these tools are real lifesavers: http://firebreaksice.com/sitecore-admin-pages-explained/) Just a note: as far as I can recall, this validation started after the 6.X version only! Happy to be corrected! For earlier versions you need to block them using different methods, or, even if the validation exists, I would strongly recommend following this post: http://sitecoreblog.alexshyba.com/2010/10/securing-sitecore-admin.html

Sitecore-Admin-Login

Now, let’s say you are developing a page, and you need to make sure that it is accessed by authenticated users only. How do you do that? Are you wondering the same thing? Eager to know? Then this post is for you!

Solution:

As always, I had a word with my best friend – Google [What? Yours as well? Now we have a common friend! :)] and it suggested the following post:

http://learnsitecore.cmsuniverse.net/en/Blog/SecurePage-in-sitecore-apps.aspx

This of course may be a security issue and you should ensure you require your users to log in to the shell site before they can run the application. Sitecore enables you to do this quite easily, as you can just make your page inherit from Sitecore.Shell.Web.UI.SecurePage. If you do this, Sitecore will automatically redirect the user to the login page of the current site if they are not already logged in. Easy-peasy-lemon-squeezy!

I gave it a try on my development box, and it worked! I was presented with a Sitecore Login Page.

public partial class SCBasicsSecurePage : Sitecore.Shell.Web.UI.SecurePage
{
 //Secure Code
}

What, you also tried it and it works? Up to this point, everything looks easy and straightforward?

But here is a twist [Life is not as easy as it seems to be! :)]: after login it was redirecting me to “dbbrowser.aspx” and NOT to “SCBasicsSecurePage.aspx”, which is what I expected it to be! And so did you, correct?

Then I stepped back and checked the behavior of Sitecore’s Cache.aspx page, and was amazed to see that it works the way you and I expected: after login it redirects to the requested page, in our case Cache.aspx. I noticed just one difference. In the earlier case the URL did not contain any returnurl key, but for Sitecore’s admin page Cache.aspx it did! That gave me a hint!

And then it was time to talk to another best friend, Reflector [Oh, yours as well? See, we have a second common friend! :)] and it revealed the truth! Sitecore Admin pages inherit from Sitecore.sitecore.admin.AdminPage and NOT from Sitecore.Shell.Web.UI.SecurePage. And AdminPage has been coded to handle the returnurl logic, where it redirects to the original URL after login!

So, here are the quick steps for you:

1. Inherit your page from Sitecore.sitecore.admin.AdminPage:

public partial class SCBasicsSecurePage : Sitecore.sitecore.admin.AdminPage
{
 //Secure Code
}

2. Override OnInit method of a page:

protected override void OnInit(EventArgs e)
{
 // Run the security check before the rest of the page initializes.
 base.CheckSecurity(true); //Required!
 base.OnInit(e);
}

3. That’s it! Enjoy!
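
The returnurl handling observed above can also be written directly in a base page of your own. This is an added example, not code from the original post or from Sitecore: the class name ReturnUrlSecurePage is hypothetical, and it assumes the site's login page honours a returnUrl key, as seen in the admin pages' URL.

```csharp
using System;
using System.Web;
using System.Web.UI;

// Hypothetical base class (not part of Sitecore). It sends unauthenticated
// visitors to the current site's login page and carries the originally
// requested URL in a returnUrl query-string key.
public class ReturnUrlSecurePage : Page
{
    protected override void OnInit(EventArgs e)
    {
        // Check the login state before any page logic runs.
        if (!Sitecore.Context.User.IsAuthenticated)
        {
            RedirectToLogin();
            return;
        }
        base.OnInit(e);
    }

    private void RedirectToLogin()
    {
        Sitecore.Sites.SiteContext site = Sitecore.Context.Site;
        string loginPage = site != null ? site.LoginPage : null;

        if (string.IsNullOrEmpty(loginPage))
        {
            // No login page configured for this site: fail closed
            // instead of rendering the protected page.
            Response.StatusCode = 403;
            Response.End();
            return;
        }

        // PathAndQuery is host-relative, so the value handed to the login
        // page cannot point to another host.
        string returnUrl = HttpUtility.UrlEncode(Request.Url.PathAndQuery);
        string separator = loginPage.Contains("?") ? "&" : "?";

        // endResponse: true stops processing so no protected output is sent.
        Response.Redirect(loginPage + separator + "returnUrl=" + returnUrl, true);
    }
}
```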

Happy Sitecoring! 🙂