Protected folders and access rights in QuickelSoft CMS
Introduction

In QuickelSoft CMS, you can create folders protected by an Access Control List and allow specific users or groups to access sensitive content with a login. This article shows how to protect a folder and how to add a login form to your web site to authenticate your readers.

Access in QuickelSoft CMS

In QuickelSoft CMS, no one can gain access to a folder without providing a user name and a password. Even for your anonymous readers, when you use the API to retrieve content for display on your web site, you must first log these anonymous users in with a specific user ID you have created for them. By default, the setup wizard creates a user called “Anonymous” for this scenario.

The typical steps to retrieve the content items of the root folder of the site are:

1. Create a Context object.
2. Call the method Login.
3. Get an instance of a Site object.
4. Retrieve the content items.
For instance, in C#:

    // Log in, then read the content items of the site's root folder.
    Context context = new Context();
    context.Login("myuserid", "mypassword");
    Site site = context.GetSites().FromName("My site");
    ContentItemCollection contentItems = site.RootFolder.GetContentItems();
    contentItems.GetAll();

Code simplification with the QuickelSoft CMS HttpModule

By default, when you use the QuickelSoft CMS HttpModule and inherit your ASPX page from the class QuickelSoft.CMS.API.Page, you do not need to create the Context object and the site object. The HttpModule will use the settings in your web.config file to automatically log an anonymous reader in and initialise the site object for you.

In the “appSettings” section of your web.config file, add these 3 keys:

    <add key="QuickelSoftCMS_SiteName" value="MySite"/>
    <add key="QuickelSoftCMS_AnonymousUser" value="Anonymous"/>
    <add key="QuickelSoftCMS_AnonymousPassword" value="anonymous"/>

Then, even before the Page load event of your page is called, the class has initialized a context object (CurrentContext) and a site object (CurrentSite). Under this method, a user can access your web site without providing a user name and a password.

What happens if a folder is protected?

There are two cases when a folder is protected.

First case: The reader browses your site and you use the folder list as a navigation menu. For instance, to display a first-level navigation menu from the child folders of the root folder:

    List<Folder> folders = CurrentSite.RootFolder.GetSubfolders(true);

This method only returns the folders to which the user has access. If the reader wants to see the protected folder, he has to log in.

Second case: The reader tries to access the protected folder directly from a URL (from an e-mail or a hardcoded link on your web site). The request will be processed by the HttpModule and, if the Anonymous user does not have access to the folder, the module will throw an access denied exception and redirect him to the authentication login form.

Redirection to the login form to authenticate the user

The login form is used:

- When you add a link to it on your page to let the user authenticate himself.
- When the user tries to access a folder he has no access to.

The HttpModule uses the value of the key “QuickelSoftCMS_AuthenticationLoginURL” in the appSettings section of your web.config file to let the API know where the login form is.

Example:

    <add key="QuickelSoftCMS_AuthenticationLoginURL" value="/samplesite/login.aspx"/>

Creation of the login form

1. Create a form containing two text boxes (one for the user id and one for the password) and one button to submit your form.

    <table>
      <tr>
        <td>User ID:</td>
        <td><asp:TextBox ID="TextBoxUserID" runat="server" /></td>
      </tr>
      <tr>
        <td>Password:</td>
        <td><asp:TextBox ID="TextBoxPassword" TextMode="Password" runat="server" /></td>
      </tr>
      <tr>
        <td><asp:Button ID="ButtonSubmit" OnClick="ButtonSubmit_Click" runat="server" Text="Submit" /></td>
      </tr>
    </table>

2. Inherit your code-behind class from the class QuickelSoft.CMS.API.Page.

3. When the user clicks on the button “ButtonSubmit”, call the Login method of the Context object:

    CurrentContext.Login(TextBoxUserID.Text, TextBoxPassword.Text, Response)

4. If the login succeeds, the user is redirected to your home page or to the URL provided by the HttpModule in the query string parameter “RedirectTo” if the user tried to access a specific folder of your site.

    protected void ButtonSubmit_Click(object sender, EventArgs e)
    {
        // Nothing to do without a user id.
        if (TextBoxUserID.Text == "") return;
        try
        {
            if (CurrentContext.Login(TextBoxUserID.Text, TextBoxPassword.Text, Response))
            {
                // RedirectTo is read from the request, so its value is caller-controlled.
                String redirectTo = (String)Request["RedirectTo"];
                if (redirectTo != null && redirectTo != "")
                    Response.Redirect(redirectTo);
                // No target supplied: go to the home page.
                Response.Redirect(Root);
                return;
            }
            Response.Write("Invalid user id or password");
            return;
        }
        catch (Exception)
        {
            // Fall through and show the last error reported by the context.
        }
        Response.Write(CurrentContext.LastErrorDescription);
    }

Remarks: If the root folder of your site is protected, the properties CurrentSite, CurrentFolder and CurrentContentItem in the object QuickelSoft.CMS.API.Page are always null.

How to protect a folder

1. In the tree view in the QuickelSoft CMS front end, select the folder you want to protect.
2. Click on the button “Properties”.
3. In the folder properties, click on the tab “Access Control List”.
4. Add user names and / or groups to the access control list and specify the access.
5. Click on the button “Save”.

This access control list grants reader access to the group “Customers” and author access to the group “Content contributors”. Now, only the users belonging to one of these groups can read the content items found in the folder.
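
The login handler in “Creation of the login form” redirects to the RedirectTo value read from the request, so a link to the login page can carry any address in that parameter. The following check is an added example, not QuickelSoft CMS code: RedirectGuard, the request URL and the sample values are constructed for illustration. It accepts a target only when it points back to the same site, whether the value is a site-relative path or an absolute URL.

```csharp
using System;

// Added example: RedirectGuard is hypothetical, not part of the QuickelSoft CMS API.
public static class RedirectGuard
{
    // True when target is a path on this site, or an absolute http(s) URL with
    // the same scheme, host and port as the current request.
    public static bool IsSameSite(string target, Uri requestUrl)
    {
        if (String.IsNullOrEmpty(target)) return false;

        // Browsers rewrite backslashes ("/\host" becomes "//host") and may drop
        // control characters, so reject both outright.
        foreach (char c in target)
            if (Char.IsControl(c) || c == '\\') return false;

        // Site-relative path: one leading slash, not the scheme-relative "//host" form.
        if (target[0] == '/')
            return target.Length == 1 || target[1] != '/';

        Uri absolute;
        if (!Uri.TryCreate(target, UriKind.Absolute, out absolute)) return false;
        bool web = absolute.Scheme == Uri.UriSchemeHttp || absolute.Scheme == Uri.UriSchemeHttps;
        return web && Uri.Compare(absolute, requestUrl,
            UriComponents.SchemeAndServer, UriFormat.Unescaped,
            StringComparison.OrdinalIgnoreCase) == 0;
    }

    public static void Main()
    {
        // Constructed request URL and RedirectTo values.
        Uri request = new Uri("https://www.example.com/samplesite/login.aspx");
        string[] samples = {
            "/samplesite/customers/",
            "https://www.example.com/samplesite/customers/",
            "//other.example.net/",
            "/\\other.example.net/",
            "https://other.example.net/samplesite/",
            "ftp://www.example.com/samplesite/"
        };
        foreach (string s in samples)
            Console.WriteLine("{0,-48} {1}", s,
                IsSameSite(s, request) ? "redirect" : "home page");
    }
}
```

In the handler, the call would be RedirectGuard.IsSameSite(redirectTo, Request.Url) before Response.Redirect(redirectTo), falling back to Response.Redirect(Root) when it returns false.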