Using Umbraco 7.2.6
I am using member role-based security to manage public access. I have the entire site set to only allow authenticated members (must be in the 'active' role/group); all pages are beneath the Home node.
The Login page and Error page, as asked for in the front end menu, are publicly accessible to non-authenticated users. How can I make other arbitrary pages public, such as a forgot password page or an about page?
I was hoping there would be an option for "make public" or something in the right-click menu of the content editor so end users could decide this willy-nilly as they are so wont to do, but unless I'm missing something, that doesn't exist.
I attempted using the web.config to allow anonymous access per page, but I'm not sure what the correct path is to use in the config settings for default Umbraco content. What is the main controller?
I also tried putting the unsecured pages outside of the Home hierarchy, but it seems some of the master pages and such are trying to access things using node navigation. I suppose I could go through and remove all of that, but I'd like not to.
Any experience with this?
Sadly, as far as I know, this is not possible. Umbraco protects a page, and everything underneath it, without giving you the option to exclude certain pages. Changing the access in the web.config won't work, as the access is controlled by custom Umbraco code.
Basically, a file called "access.config" is generated in the App_Data folder of your site with the access rules in, and this is used by Umbraco to work out what is and isn't protected.
The way I normally handle this is to have all of the protected content under a sub-node of the home page; that way I can have things like error pages, password reset, etc., outside of the protected area and publicly accessible. There are several security-related methods that you can call in your navigation etc. to check whether a user has access to a node, e.g.:
Umbraco.MemberHasAccess(id, path)
Passing in the id and the path of the node you want to check against the current user.
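A navigation partial built on the check the answer mentions, as an added example that is not part of the original answer. It assumes an Umbraco 7 MVC Razor view with the protected content under a sub-node of Home and the public pages as its siblings; the markup and the `canShow` name are hypothetical.

```cshtml
@inherits Umbraco.Web.Mvc.UmbracoTemplatePage
@using Umbraco.Core.Models
@using Umbraco.Web
@*
    Added example (not from the original answer).
    Assumed layout: Home (public) with public children (login, error,
    password reset) and one protected sub-node holding the members-only content.
*@
@{
    // Level 1 is the site root, i.e. the Home node.
    var home = Model.Content.AncestorOrSelf(1);

    // A node is listed only if it is not hidden from navigation and the
    // current visitor passes the public access rule that covers it.
    // The rule is inherited from the nearest protected ancestor, which is
    // why both the node id and its path are passed in.
    Func<IPublishedContent, bool> canShow =
        n => n.IsVisible() && Umbraco.MemberHasAccess(n.Id, n.Path);
}
<ul class="nav">
    <li><a href="@home.Url">@home.Name</a></li>
    @foreach (var item in home.Children.Where(canShow))
    {
        <li>
            <a href="@item.Url">@item.Name</a>
            @{
                // Second level: the same check applies to every descendant.
                var subItems = item.Children.Where(canShow).ToList();
            }
            @if (subItems.Any())
            {
                <ul>
                    @foreach (var sub in subItems)
                    {
                        <li><a href="@sub.Url">@sub.Name</a></li>
                    }
                </ul>
            }
        </li>
    }
</ul>
```

Filtering the menu only hides links; the public access rule set on the protected sub-node is what denies the request itself.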