creating a page wtih no access right required?

Lei Liu

Vote:

Hi Everyone,

Regarding to creating a page

"DataFactory.Instance.Save(targetPage, EPiServer.DataAccess.SaveAction.Publish);" does it but you have to log in as an episerver user which belongs to a group that has the right to create a page right?

In my case, I need that an end use should be able to create a page when he's not in any user group, how to do that? something like

DataFactory.Instance.Save(myPage, EPiServer.DataAccess.SaveAction.ForceCurrentVersion, EPiServer.Security.AccessLevel.NoAccess); ?

that doesn't work for me. Any1 could tell me how to do this?

Many thx.

#36707

Feb 08, 2010 16:50

Linus Ekström

Vote:

Hi!

I noticed in your code sample that you are supplying the enum value "ForceCurrentVersion" instead of "Publish" when saving with the additional AccessLevel parameter. Might this be the cause of your problem? If you want to force the current version you should bitwise add these two enum values.

Linus Ekström
EPiServer Development Team

#36711

Feb 08, 2010 17:28

Lei Liu

Vote:

Hi Linus,

Hm, I don't think so, or I'm not sure, I'll try something then. But first of all, is it possible for an end user without login to create a page?

#36715

Feb 08, 2010 18:27

morten.sorby@capgemini.com

Vote:

Hi,

You can't do a ForceCurrentVersion on a new page(learned that the hard way ;-)), you have to handle that yourself.
And you have to use ForeCurrentVersion with for instance Publish.

Regards,
Morten

#36716

Feb 08, 2010 19:39

Anders Hattestad

Vote:

And you can create a new page without being logged in.

#36717

Feb 08, 2010 19:50

Lei Liu

Vote:

Thank you guys, it works now. Darn it, how obvious (: I was slow -.-'

#36728

Feb 09, 2010 10:07

Lei Liu

Vote:

D'oh, A follow-up question to this thread.

Now I need the end user to upload a photo together with the page he created, and I got an error says Not authorized to access /pagefiles/blablabla

Anywho, is it possible for an none logged-in user to upload a pic together with the page he's going to create? if so, how?

#36734

Feb 09, 2010 11:02

morten.sorby@capgemini.com

Vote:

Hi,
you need to do a ByPassAccessCheck on the VPP when uploading files from an anonymous user.

Regards,
Morten

#36735

Feb 09, 2010 11:04

Lei Liu

Vote:

#36737

Feb 09, 2010 11:30

Lei Liu

Vote:

Sorry for the spam, I still got problem with this. I did 'pageRootDirectory.BypassAccessCheck = true;' it seemed to be ok, then problems come to the Upload file function, which calls a 'GetUnifiedDirectory' to get the directory, the problem happens to this line

'UnifiedDirectory directory = HostingEnvironment.VirtualPathProvider.GetDirectory(path) as UnifiedDirectory;' it says not authorized.

The whole process looks like this :

string virtualPathFromFolderId = VirtualPathUtilityEx.Combine(pageDirectoryRootVirtualPath, VirtualPathUtility.AppendTrailingSlash(folderId.ToString()));
                 
UnifiedDirectory pageDirectory = HostingEnvironment.VirtualPathProvider.GetDirectory(virtualPathFromFolderId) as UnifiedDirectory;


if (pageDirectory == null)
                        {
                            pageRootDirectory.BypassAccessCheck = true;                
pageDirectory = pageRootDirectory.CreateSubdirectory(folderId.ToString(), myPage);
                        }


UploadFile(uploadFile.FileContent, uploadFile.FileName, virtualPathFromFolderId);


protected void UploadFile(Stream fileContent, string filePath, string destination)
        {
            UnifiedDirectory dir = GetUnifiedDirectory(destination);
            UnifiedFile uFile = dir.CreateFile(filePath);
            Stream s = uFile.Open(FileMode.CreateNew);
            StreamConsumer.CopyToEnd(fileContent, s);
            s.Close();
            fileContent.Close();
        }

protected UnifiedDirectory GetUnifiedDirectory(string path)
        {
            UnifiedDirectory directory = HostingEnvironment.VirtualPathProvider.GetDirectory(path) as UnifiedDirectory;
            if (directory == null)
                throw new ArgumentException("Given path is not a Unified Directory");
            return directory;
        }

Any1 can see what my problem is?

Many thx!

#36739

Feb 09, 2010 12:46

morten.sorby@capgemini.com

Vote:

Are you sure that the user running your IIS/Worker thread has change acces to the VPP?
If it's 2003 server that user is probably "Network Service"

//Morten

#36740

Feb 09, 2010 12:52

Lei Liu

Vote:

It's is actually 2003, does it mean I have to actually change the vpp folder's property? We have other EPiServer sites as well.

The code works when I logged in as an EPiServer user, it does everything correctly, it only break when I do it anonymously.

So, do u suggest me to change the VPP folder property? I really dont want to do that tho >.<

#36742

Feb 09, 2010 13:50

Kimmo Koskela

Vote:

Hi you all!

I'm having a strange problem when programatically creating a page as anonymous user. As I save the page with the following line:
DataFactory.Instance.Save(newPage, EPiServer.DataAccess.SaveAction.Publish, EPiServer.Security.AccessLevel.NoAccess);
I get an error saying: Procedure or function 'netPageCreate' expects parameter '@UserName', which was not supplied.

The code i use works flawless on another site. Any ideas? I'm using EPi CMS 5.2.375.133.

#37950

Mar 24, 2010 15:37

Kimmo Koskela

Vote:

Nevermind, found a solution. Had to add the following lines to OnCreatingPage-event in Global.asax:

if (!EPiServer.Security.PrincipalInfo.CurrentPrincipal.Identity.IsAuthenticated)
EPiServer.Security.PrincipalInfo.CurrentPrincipal = EPiServer.Security.PrincipalInfo.AnonymousPrincipal;

#37983

Mar 25, 2010 15:12