Privatizing a BlogEngine.Net Installation

StackOverflow https://stackoverflow.com/questions/17387

  •  08-06-2019
  •  | 
  •  

Question

I have a blogengine.net install that requires privatization.

I'm doing research work at the moment, but I have to keep my blog/journal private until certain conditions are met.

How can I privatize my blogEngine.net install so that readers must log in to read my posts?

Was it helpful?

Solution

I use this extension. Just save the file as RequireLogin.cs in your App_Code\Extensions folder and make sure the extension is activated.

using System;

using System.Data;

using System.Configuration;

using System.Web;

using System.Web.Security;

using System.Web.UI;

using System.Web.UI.HtmlControls;

using System.Web.UI.WebControls;

using System.Web.UI.WebControls.WebParts;

using BlogEngine.Core;

using BlogEngine.Core.Web.Controls;

using System.Collections.Generic;



/// <summary>

/// Summary description for PostSecurity

/// </summary>

[Extension("Checks to see if a user can see this blog post.",

            "1.0", "<a href=\"http://www.lavablast.com\">LavaBlast.com</a>")]

public class RequireLogin
{

    static protected ExtensionSettings settings = null;



    public RequireLogin()
    {

        Post.Serving += new EventHandler<ServingEventArgs>(Post_Serving);



        ExtensionSettings s = new ExtensionSettings("RequireLogin");

        // describe specific rules for entering parameters

        s.Help = "Checks to see if the user has any of those roles before displaying the post. ";

        s.Help += "You can associate a role with a specific category. ";

        s.Help += "All posts having this category will require that the user have the role. ";

        s.Help += "A parameter with only a role without a category will enable to filter all posts to this role. ";

        ExtensionManager.ImportSettings(s);

        settings = ExtensionManager.GetSettings("PostSecurity");

    }



    protected void Post_Serving(object sender, ServingEventArgs e)
    {
        MembershipUser user = Membership.GetUser();
        if(HttpContext.Current.Request.RawUrl.Contains("syndication.axd"))
        {
            return;
        }

        if (user == null)
        {
            HttpContext.Current.Response.Redirect("~/Login.aspx");
        }
    }
}

OTHER TIPS

From: BlogEngine.NET 2.5 - Private Blogs

If you go into the control panel, Users tab, Roles sub-tab (right side), for "Anonymous" on the right-side Tools area, hover over that and select "Rights".

You are now on the Rights page for the Anonymous role. Uncheck everything, in particular "View Public Posts". HOWEVER, you do need to keep at least one item checked, otherwise everything reverts back to the default. For example, you could keep "View Ratings on Posts" checked. Then Save.

Then anyone who is not logged in should automatically be redirected to the Login page no matter where what page they try to enter the site at.

lomaxx's answer didn't work, so I decided to avoid making blogengine.net perform auth for readers.

on iis, i disabled anonymous access and added a guest users to the win2k3 user list.

We created a simple tool that gives certain users access to certain posts according to their ASP.NET Membership Roles to acheive a somewhat similar result.

http://blog.lavablast.com/post/2008/08/BlogEnginenet-Post-Security.aspx

I would think it's possible to do this in the web config file by doing something like the following:

<system.web>
    <authorization>
      <allow roles="Admin" />
      <deny users="*" />
    </authorization>
</system.web>
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top