https://discord.umbraco.com logo
Join Discord
Powered by
How to bypass security programmatically
# help-with-umbraco
o
I have a requirement that In a member restricted page, I would need to access a few fields: Title, keyword, tags and put it in header -- Meta tags section. This is for search crawler to properly crawl secured pages with basic information only. How do I bypass page security and always output these meta tags?
m
detect the user-agent as bot and render a different result?
Another thought.. don't use the restrict access in the backoffice and use the IsAuthenticated / hasAccess methods to check (either in your page template, partial, view component, or surface controller..) to then render the different content.
o
Thank you @Mike Chambers for the ideas. I'm pretty new to umbraco. I can detect user agent but then --> the page auto goes to login view when I hit the page, how do I extract the field value and render it differently ( without need to login member) in the partial view when I debug, the current page item Model points to access denied page, I cannot get anything for the current page unless logged in.
Ideally I'd like if (user-agnt== agent bot) bypass security and render the content ( eg title tags) else( check access() then render page)
The content I have trouble is when calling Model.Value('field') I cannot access it. Need a way to bypass the security if user-agnt == bot
m
Sure, so that was my suggestion, do not use the umbraco backoffice restrict public access functionality and implement on the page yourself.. with an
Copy code
case bot -> serve minimal
  case user.isAuthenticated and has access show page
  case user.isAuthenticated and not has access (your own logic) redirect to denied page
  case user.isNotAuthenicated redirect to login page
prob not what you are after...
Another approach could be to replace the IPublicAccessChecker with your own... startup.cs
Copy code
// replace the publicAccessChecker.
services.AddUnique<IPublicAccessChecker, PublicAccessChecker>();
the concrete implementation in core is https://github.com/umbraco/Umbraco-CMS/blob/contrib/src/Umbraco.Web.Common/Security/PublicAccessChecker.cs ANd/Or maybe this 
services.AddUnique<IPublicAccessRequestHandler, PublicAccessRequestHandler>()
https://github.com/umbraco/Umbraco-CMS/blob/contrib/src/Umbraco.Web.Website/Routing/PublicAccessRequestHandler.cs To handle what you want to happen when a bot hits the page...
One other thought, when you land on the login page you can access a returnUrl... loginModel.RedirectUrl.. if you are using the standard UmbLoginController from the core snippets https://github.com/umbraco/Umbraco-CMS/blob/contrib/src/Umbraco.Core/EmbeddedResources/Snippets/Login.cshtml And then use the 
getByRoute(loginModel.RedirectUrl ... )
to get the node you came from... https://github.com/umbraco/Umbraco-CMS/blob/contrib/src/Umbraco.Core/PublishedCache/IPublishedContentCache.cs#L27
don't know if that works for the denied page.. though a bot shouldn't end up there.. as not authed so should be seeing the login page.
This seems like a sensible thing to want to happen.. so maybe others more versed in membership scenarios might have other thoughts? good luck in finding a solution that works for you!
o
@Mike Chambers thank you so much Mike! What a champ will try next Monday and thank u in advance if I have further questions, really appreciated!
k
+1 for keeping the "restrict public access" but extending the public access checker/handler. Otherwise you end up reinventing the entire Umbraco access restriction functionality, including the backoffice UI parts. That said, I think whoever made this requirement is not aware that the default behavior is to redirect unauthorized visitors to a sign-in page. It sounds like the requirement was made assuming that an "access denied" page is shown, which could then easily emit page metadata.
5 Views
PreviousNext
Powered by