Archive

Archive for November 26, 2019

ADX Portal – Prevent unauthorized access of custom pages

November 26, 2019 Leave a comment

For one of our requirements, we built a custom .aspx page and placed under ‘Areas’ folder of OOB ADX website’s ‘MasterPortal’ project.

ADX_Prevent_UnAuthAccess

Issue:

  • The .aspx page was accessible without signing in to the portal by using the following URL convention
    • https://base_portal_url/Areas/folderName/Pages/filename.aspx

Fix:

  • On Page_Load of the aspx page, check whether the request is from authenticated user or not.
  • If unauthenticated request, set 401 error code (i.e., Unauthorized error) to the Response object and redirect to portals ‘SignIn’ page.
  • Below is the code snippet need to be placed in Aspx page’s ‘Page_Load’ event, which redirects unauthenticated requests to Portal’s ‘SignIn’ page.

protected void Page_Load(object sender, EventArgs e)
{
if (!Request.IsAuthenticated)
{
Response.StatusCode = 401;
Response.End();
}
}

🙂

Categories: ADX Tags: , ,