Using Role-Based authentication in Umbraco 7

There are times when you require certain sections of your site to have restricted access.

When working with Umbraco, this task is very easy to implement using the Role-Based authentication. In this post I will show you a simple example of how to use this feature.

Creating a Member Group and adding Members to it

First, inside de back office, navigate to Members > Member Groups and create a new group.

Figure 1. Creating a new Member Group.

Figure 1. Creating a new Member Group.

Next, create a new user under Members > Members.

Figure 2. Navigate to Members folder.

Figure 2. Navigate to Members folder.

Enter a name for the new user and then, on the Properties tab, enter a login name and an e-mail address (these parameters are required). Umbraco assigns a new password automatically, you can also edit it.

Figure 3. Add the new user's information.

Figure 3. Add the new user’s information.

Also, it is necessary to assign the new user to a Member Group.

Scroll all the way down the properties tab, on the Member Group property, click on the group name you want the new user to be part of. The group name will then appear undet Member Group(s). After doing that, click Save.

Figure 4. Select a Member Group for the new user.

Figure 4. Select a Member Group for the new user.

Figure 5. User assigned to Member Group.

Figure 5. User assigned to a Member Group.

Adding Content to the site

The next step is to create new document types and templates for the sections in the site.

For this example, I created two document types with their corresponding templates. I also created a Partial View that displays a login form.

Figure 6. Create Document Types and their Templates.

Figure 6. Create Document Types and their Templates.

For the Login template I inserted a Partial View which displays a login page. The code for the Login template is as follows.

@using UmbracoTestProject.Models
@inherits Umbraco.Web.Mvc.UmbracoTemplatePage
@{
 Layout = null;
}

<h2>Login Page</h2>
<div id="loginForm">
 @{Html.RenderPartial("LoginPartial", new LoginModel());}
</div>

For the login form, the code is as follows.

@inherits Umbraco.Web.Mvc.UmbracoViewPage<UmbracoTestProject.Models.LoginModel>

@using (Html.BeginForm("Login", "Member", FormMethod.Post))
{
 <fieldset>
 <legend>Login</legend>

 @Html.ValidationSummary(false)

 @Html.LabelFor(m => m.Username)
 @Html.TextBoxFor(m => m.Username)
 <br />

 @Html.LabelFor(m => m.Password)
 @Html.PasswordFor(m => m.Password)
 <br />

 @Html.LabelFor(m => m.RememberMe)
 @Html.EditorFor(m => m.RememberMe)
 <br />

 <button>Login</button>
 </fieldset>
}

I created a model class for the user’s login information.

public class LoginModel
{
	[DisplayName("Username")]
	public string Username { get; set; }

	[DisplayName("Password")]
	[DataType(DataType.Password)]
	public string Password { get; set; }

	[DisplayName("Remember Me")]
	public bool RememberMe { get; set; }
}

Also, I added a SurfaceController that handles the login process.

public class MemberController : SurfaceController
{
	public ActionResult Login(LoginModel model)
	{
		try
		{
			if (Membership.ValidateUser(model.Username, model.Password))
			{
				FormsAuthentication.SetAuthCookie(model.Username, model.RememberMe);

				return Redirect("/private-content/");
			}
		}
		catch (Exception e)
		{
			ModelState.AddModelError("Login error", "Unable to login, please try again.");
		}

		return PartialView("LoginPartial", model);
	}
}

Finally, for the private page’s template, I added a simple line of code in order to test that the login was successful.

@inherits Umbraco.Web.Mvc.UmbracoTemplatePage
@{
    Layout = null;
}

<h2>Welcome @Members.GetCurrentMemberProfileModel().UserName</h2>

Now, add the new nodes to the Content of the site.

Figure 7. Add new nodes to the Content of the site.

Figure 7. Add new nodes to the Content of the site.

Protecting the restricted content

Click on the node that you want to protect and select Public Access.

Figure 8. Select the node you want to protect.

Figure 8. Select the node you want to protect.

Choose the way you want to restrict access to the page. In this case, select Role based protection.

Figure 9. Choose how to restrict access.

Figure 9. Choose how to restrict access.

Now, it is necessary to select the roles that will have access to the page.

Figure 10. Select the roles that have access to the page.

Figure 10. Select the roles that have access to the page.

Select a login page.

Figure 11. Select the login page.

Figure 11. Select the login page.

Select an error page to show when the user logged on but is not authorized to see the content. (For this example, I just chose the Home Page).

Figure 12. Select an error page.

Figure 12. Select an error page.

Finally, click update to save your changes, you will notice there’s a “Forbidden” sign at the bottom of the node’s icon.

Figure 13. Save your changes.

Figure 13. Save your changes.

Now, if the user hasn’t registered, they will be redirected to the Login page you selected.

Advertisements

Setting up Umbraco with Visual Studio

Umbraco is a very powerful, very flexible, open-source CMS for .NET.It is a great tool when developing web sites and even services for things like mobile apps but, like with every new tool, it takes some time and effort to learn how to use it properly.

But believe me, once you overcome those scary hours of going through tutorials and documents, you will see how easy it is to work with this wonderful tool.

In this series, I will show you the basics of working with Umbraco, things I would have loved someone had told me on the first place.

This post is intended to serve as the starting point for other Umbraco posts I plan to write.

Creating a Visual Studio 2013 web application and setting up Umbraco

In order to start working with Umbraco, you need to create a new Web Application project.

Figure 1

Figure 1. Creating a new web application project.

Select an empty ASP.NET application project from the dialog and press OK.

Figure 2

Figure 2. Select an empty ASP.NET application template.

Now, in order to install Umbraco into your solution, open the NuGet package manager and search for “Umbraco”. Once the results appear, install the package called “Umbraco CMS”.

Figure 3

Figure 3. Installing Umbraco CMS from NuGet.

During the installation process, you will be asked if you want to overwrite the web.config file. This is because Umbraco adds several configuration values necessary for it to work. Select “No”,  Umbraco will overwrite your web.config file anyway, but it will create a backup in the App_Data folder. After the installation is finished you can merge your files and make sure they’re up to date.

Figure 4

Figure 4. Overwrite the web.config file.

Once the installation is done, you will notice that several folders were added to the project.

Figure 5

Figure 5. Solution Explorer.

Now, you need to setup your Umbraco site. To do this, run the solution with the browser of your preference. You will see a configuration screen with some fields you need to fill. Once you’re done click “Install” and wait for Umbraco to run the necessary tasks.

Figure 6

Figure 6. Umbraco installation screen.

This is it! Now you have Umbraco up and running in your solution.

Figure 7

Figure 7. Umbraco’s admin page.

Note. The installation process I followed in this post created a local data base. You can find the .sdf file in the App_Data folder, it is called Umbraco.sdf.

If you need to set up Umbraco to work with an SQL Server database, you can do so by clicking “Customize” in the setup page you were presented when you first ran the application. You will need to provide the server and database information.