Skip to content
November 10, 2013 / kiranpatils

Secure your page using Sitecore Login

Challenge:

Have you ever noticed? When you access Sitecore Admin Pages (If you are new to Sitecore Admin Pages, and not aware about it. I would strongly recommend you this post, these tools are real life savior : http://firebreaksice.com/sitecore-admin-pages-explained/) it asks your for Sitecore Login, as shown below (Just a note : as far as I can recall, this validation started after 6.X version only! Happy to be corrected! For earlier versions you need to block them using different methods OR even though it exists, would strongly recommend you to use this post — http://sitecoreblog.alexshyba.com/2010/10/securing-sitecore-admin.html)

Sitecore-Admin-Login

Now, let’s say you are developing one page, And you need to make sure that it gets accessed by Authenticated users only. How to do that? You are also wondering to do the same? Eager to know? Then this post is for you only!

Solution:

As always, Had a word with my best friend – Google [What? Yours as well? Now, We’ve a common friend! :)] and it suggested following post:

http://learnsitecore.cmsuniverse.net/en/Blog/SecurePage-in-sitecore-apps.aspx

This of course may be a security issue and you should ensure you require your users to login to the shell site, before they can run the application. Sitecore enables you to do this quite easy as you can just make your page inherit from Sitecore.Shell.Web.UI.SecurePage. If you do this, Sitecore will automatically redirect the user to the login page of the current site, if they are not all ready logged in. Easy-peasy-lemon-squeezy!

I gave a try it in my development box, and it worked! I was presented with a Sitecore Login Page.

public partial class SCBasicsSecurePage : Sitecore.Shell.Web.UI.SecurePage
{
 //Secure Code
}

What, you also tried and it works? Till this point of time, Everything looks easy and straight forward?

But, here is a twist [Life is not as easy as it seems to be! :)], After login it was redirecting me to “dbbrowser.aspx” and NOT “SCBasicsSecurePage.aspx”? Which is what I expected it to be! And so as you?! Correct?

Then stepped back, and checked Sitecore’s Cache.aspx page’s behavior and was amazed to see, It works the way you and I expected, means after login it redirects to requested page in our case it’s Cache.aspx. Just noticed one difference, In earlier case URL was not containing any returnurl key. But in Sitecore’s admin page cache it was! It gave me hint!

And then it was time to talk to another best friend, Reflector [Oh, Yours as well, See we’ve second common friend! :)] and it revealed the truth! Sitecore Admin pages inherits them self from Sitecore.sitecore.admin.AdminPage and NOT Sitecore.Shell.Web.UI.SecurePage. And AdminPage has been coded to handle returnurl logic! Where it redirects on Original URL after login!

So, here are the quick steps for you:

1. Inherit your page from Sitecore.sitecore.admin.AdminPage:

public partial class SCBasicsSecurePage : Sitecore.sitecore.admin.AdminPage
{
 //Secure Code
}

2. Override OnInit method of a page:

protected override void OnInit(EventArgs e)
{
base.CheckSecurity(true); //Required!
base.OnInit(e);
}

3. That’s it! Enjoy!

Happy Sitecoring! 🙂

Advertisements

One Comment

Leave a Comment
  1. Vaibhao Chawale / Dec 15 2015 3:56 pm

    Hi Kiran,

    Very nice post, It helped me lot to create a secure page with the help of Sitecore login.

    I have one advance requirement in which i need to call my secure page with the help of Sitecore scheduler, So how should i pass my credentials while calling my secure page with the help of Sitecore scheduler ?

    Thank you.
    – VC

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: