Is it possible to hide an entire website behind a log-in screen? Making the visitor login to see the content. I know there are plugins like this on Wordpress but I am unable to find something for Kentico.
Thanks,
Brian
Yes. At the root of the website (master page) select it. Then go to Properties>Security and in the Access section of that page, select yes for the "Requires authentication" attribute and save the page. This will force the user to the login page you have defined in your web.config OR in your Settings to authenticate first. This will be inherited by default through the rest of the child pages.
Related
Is it possible / how to stop the link from redirecting in Kentico CMS when the user log in as admin/CMS editor?
If you want to prevent the logging to CMS (from /CMSPages/logon.aspx) you can create a custom login page and redirect user where you want.
Use the Logon Form web part to achive this. In the properties of that web part you can setup Default target URL, which leads users to approporiate page You want
I am building a WordPress MU service, that allowing users to register sites and manage these sites only from front end via AJAX.
In main site, I have register a domain in the form of http://www.my-site.com/edit-site/55/ that display a form with the site options.
The problem is that the above method creates security issues, because some user may start change site ids at the end of the URL and reach the site options of other members.
So, is there a way to check if the current user has the right to update the options of the given site ?
Please refer this link,
https://codex.wordpress.org/Function_Reference/current_user_can
current_user_can() function will resolve your problem I think.
I have mainly two security concern in Drupal 7.
When user enter http://sitename/node then the user will be able to view all the nodes created in the site till date. In the site there are some content type which are viewable to all users on site and some are restricted to created users and shared users.How to stop users from viewing those nodes which they have not created. It will also be OK for me if user enter http:///node then "Page Not Found" displayed.
Similarly I have installed "URL Path Alias" module which substitute the URL with the title alias. Now when user enters http://sitename/node/260 where 260 is random number. This can be redirected to a valid page and user gets to know the [nid] of the content. hackers can use SQL Injection or another technique to delete the content from generic [node] table. How to restrict such hacking in the site.
Please let me know your views.
pay a visit to drupal permission page # /admin/people/permissions.
Using roles and permissions you can set who can see what. knowing the URL is ok if you have defined your site roles and permissions in good safe way.
Pathauto module, or using drupal built in "URL Path Alias" is designed for SEO and simply making your URL look pretty.. it has no security impact ;)
I am starting to create a site that uses Drupal. One of my requirements is that nobody will see any "real" content until they log in. The home page will basically be a static page with a logo, some basic "this is what the site does" copy, and then a login form. If you don't login, you can then only see some other static pages (faq, legal, privacy, etc...) but you can't use the actual site. Think Facebook's login page, basically just fluff with a login form.
From searching around, I have found 3 different methods for this:
Create a page that is basically separate from the Drupal installation, but then when the form submits, check it against the Drupal DB and then proceed if logged in successfully. This would be done with Apache, maybe an .htaccess file directive to change the first served page.
Use the Front Page extension. I haven't looked at this too extensively, has anyone used it? Pros/Cons?
Somehow finagle the default Druapl "Home Page" functionality to allow this to happen. I would rather not have to do this, unless someone knows that there is an easy way to do this.
One of my requirements is that nobody will see any "real" content until they log in.
There is a permission that users need have in order to access content on Drupal (access content); if anonymous users don't have that permission, then they would not be able to see any content.
Using the module you reported, you can create a different home page for anonymous users.
Solution #1 is not the ideal one as it requires more work for something that can be obtained from inside Drupal. Take in mind that the correct way to access Drupal DB is to use the DB API Drupal comes with.
Is it possible to set a default site for a group of users in Sharepoint and have the main default page redirect them to the sub site?
I don't know an out of the box feature which could do this, but you could write a small WebPart which does the redirect depending on the user who visits the site. Shouldn't be to difficult.
The configuration could either be stored in the web part itself or within a list. To speedup the whole redirect process you should cache the redirect information when it was read from the configuration.
That's the way I would do this.
Don't forget to think about a way which let you access and edit the page with the redirect web part without getting redirected.