Question about the role based permission exception

Topics: Developer Forum, User Forum
Wiki Link: [discussion:354170]
StevenQ
May 2, 2012 at 12:28 AM
Edited May 2, 2012 at 12:38 AM

I have a section of the site I'm working on that I want to be accessible to members not everyone so I changed permissions for the page (and branch/sub pages) via the n2 admin ui and I've overriden IsAuthorized on in the definition of the page/content type.

The site is MVC3 with basically a minimal and dinamicro inspired integration of n2cms. Version of n2cms is 2.2.2 from github end of 2011 (should probably update to latest from github but don't want to break anything at this stage).

My question is what is the best way or best place in code to suppress the permission denied exception and simply redirect to login when an un-authenticated user attempts to go to the page (or sub pages)?
grimaceofdespair
May 2, 2012 at 6:16 AM

If I'm not mistaken, that behaviour is taken care of by customErrors, e.g.:

<customErrors mode="RemoteOnly" defaultRedirect="~/Start/ServerError">
This means you only see the detailed error locally, but anyone accessing your site from elsewhere should see a friendly error message. You can turn that behaviour on or off with mode="On" (show friendly message) or mode="Off" (show error details)

StevenQ
May 2, 2012 at 7:31 AM
Edited May 2, 2012 at 7:34 AM

Yeah that's what I'm doing at the moment.

However I really want to redirect to /account/login rather than show an error page if an anonymous/authenticated user tries to go to /some-secure-page.

In non cms web forms you'd use location settings in web.config or sitemap, in non cms MVC you'd use attributes on the controllers/actions I'm wondering where the best place to do this with n2cms intergrated would be. It has to be before n2 raises the exception.
libardo
Coordinator
May 6, 2012 at 10:16 PM

Hmm, this doesn't seem to be as straightforward as I intended. It might also be a different behavior from previos IIS.

You can subscribe to events and do things:

N2.Context.Current.Resolve<ISecurityEnforcer>().AuthorizationFailed += ...

The login page is expected in this case, isn't it?
StevenQ
May 7, 2012 at 5:10 AM

Yes that looks goods.

I have subscribed to that event in N2Startup (IPluginInitializer) and doing a simple response redirect to login for now.
bherila
Developer
Aug 19, 2012 at 6:56 PM

I had this exact same problem today, here's some code in case it helps anyone else. 

 

		public void Initialize(N2.Engine.IEngine engine)
		{
			//log4net.Config.XmlConfigurator.ConfigureAndWatch(new System.IO.FileInfo(Server.MapPath("~/N2/Installation/log4net.config")));

			RegisterControllerFactory(ControllerBuilder.Current, engine);
			RegisterRoutes(RouteTable.Routes, engine);
			RegisterViewEngines(ViewEngines.Engines);
			RegisterViewTemplates(engine);

            N2.Context.Current.Resolve<ISecurityEnforcer>().AuthorizationFailed += GlobalMvcStarter_AuthorizationFailed;
		}

        void GlobalMvcStarter_AuthorizationFailed(object sender, N2.CancellableItemEventArgs e)
        {
            System.Web.Security.FormsAuthentication.RedirectToLoginPage();
            e.Cancel = true;
        }
Sign in to post message or set email notifications