How to make pages private ? Just for the users ?

sch09 wrote:


Also if you know how to do it, in 1.50 , you can add the function you need to protect in the ACL list and assign it to a user role and assign the users (techs) to the right role.


that's what ACL is for.

as i mentioned my website is already live and i don't want to make any changes as if i make any changes to .cs i have to re-build the whole website.

about the 1.5 version i know that feature but right now i cannot update from 1.4 to 1.5 as i modified 1.4 according to my requirement to it's not easy for me to update to 1.5 version

what i did was wrong ? could you please suggest me solution according to what i did (the code i pasted on this thread)

Hi..

As sch09 posted this is the best way to achieve what you require,

This will not break your application and you will not need to rebuild.

simply add the code to your cs file for the tech.aspx, but remember to reference the files required.

mike..

nopCommerce team | Mike wrote:

I am sorry but i am little confused, what exactly to mention in the code, i would really appreciate if you could guide me with the code

and i didn't understand what you mean by "reference the files required"

i want tech.aspx page only to be access by 1 username, so how this username will be differ from other ? because if anyone come to know about the page link they can also log in and access the information which i dont want

so please clear this, do i need to create role in the admin section tech  ? i mean i have already created it so you want me to keep it there and link with tech username ?

Please guide me with the code what exactly should be in the pageload event of tech.aspx ?

abcd_12345 wrote:

Hi,

How many roles do you have specified on the site? All the users in roles will be able to view the page..

But what you will need todo is go and create a new Form (Tech.aspx) now in the cs file auto generated insert this into the top of the document:

using NopSolutions.NopCommerce.BusinessLogic;
using NopSolutions.NopCommerce.BusinessLogic.SEO;

Then the page load should look like this:

protected void Page_Load(object sender, EventArgs e)
{
            if (NopContext.Current.User == null || NopContext.Current.User.IsGuest)
            {
                string loginURL = SEOHelper.GetLoginPageURL(true);
                Response.Redirect(loginURL);
            }
}

I hope this is clearer mike..

Well initially there were no roles by default right ? all the visitors of website are for the front-end and only admin by default (according to 1.4 version) can access the front-end and back-end right ?

i wanted to create a page that can be viewed only by few usernames that i want, (which should be different from those who registers on the website as website visitor) for that i created a role "tech" in the admin section, and to test i created a username and linked that username with role "tech"

i am little confused with the code, i don't see any role mention like "tech" i dont have to mention tech role in the code ? how this code will differentiate with normal outside user and with tech username ?

and where should i add the tech.aspx ? i mean just in the normal project where all the pages are, or i have to create folder along with separate webconfig file in it like i did earlier in this thread ?

Sorry if i am being too demanding, I will be really great-full to you if you would help me with this issue...

Ok i still tried what you suggested me and i am getting error

Please take a look at this screenshot to see ERROR MESSAGE
http://img26.imageshack.us/img26/5149/errormessage.jpg


This is the codes of my aspx page and .cs page
http://img411.imageshack.us/img411/9599/pageon.jpg

This is my admin section (just if you want to see the "role" area- where i created role and linked with username)
http://img175.imageshack.us/img175/9913/admino.jpg

Other than solving this issue, it will be great if you could answer my questions too that i asked above this post, (it will help me in understand the logic and after that i can say, i learnt a new thing.

abcd_12345 wrote:


Mike, forget the roles for now if you don't want to mess with that. the best way is add the above lines of code to the new page. if you still don't want to touch the code, then your only option is to add a <location> tag in your web.config and restrict access by requiring aythentication.

<configuration>
   <location path="Tech.aspx">
      <system.web>
         <authorization>
            <deny users="?"/>
         </authorization>
      </system.web>
   </location>
</configuration>


this way you deny access to anonymous users.

sch09 wrote:

OK I copied your above <configuration> tag and pasted in the webconfig that is in Members folder that i created ok ?
still didn't work, then i did this:
<configuration>
  <location path="Tech.aspx">
    <system.web>
      <authorization>
        <allow roles="Admin"/>
        <allow roles="Tech"/>
        <deny users="?"/>
      </authorization>
    </system.web>
  </location>
</configuration>
still any user who is not assigned to role "tech" is able to view the page

Sch09, i am not sure if you were able to understand my situation, The tech.aspx page should be accessible to only those users for whom i created a new role "tech" , but at the same time i don't want to give these users who are assigned as techs the administration powers, so they should not get access to admin section.

So 3 things :

Normal user who registers at website should not be able to view the tech.aspx

Tech users should be able to view tech.aspx BUT NOT ADMIN SECTION just the tech.aspx page

ADMIN should be able to go to admin section as usual as well as admin should be able to view tech.aspx too.


2nd Point, You said "he best way is add the above lines of code to the new page" which code ? the code in .cs page ? well i am not sure if you saw the above error screenshot which i am getting after adding the code in .cs file.

let me know if it works out.