BlogEngine.NET 3.3 - Prevent anonymous users from doing certain things

Question

BlogEngine.NET 3.3 - Prevent anonymous users from doing certain things

251 views Asked by Matt At 12 May 2016 at 19:17

I've re-worded this to try and get a solution.

I'm using BlogEngine.NET 3.3. I have a requirement to show 300 Characters of the posts in the blog and then the registered user will then click the post name to read the rest.

I would like to un-registered users (Anonymous users) to be able to see the 300 characters but when they try to read the full content of the post they get some text saying "Please Register to see this content".

I've scoured the net trying to find out if someone has achieved this before. I found the below code. It says to put it into the App_Code/Extensions folder as a .cs to enable it. However, in 3.3 there isn't an extensions folder in App_Code. There is one here in here BlogEngine.Core\Web\Extensions. I've tried putting the below code into the web\extensions folder and it appears to do something. It hides all of my published posts.

Could someone please help me with this?

using System;

using System.Data;

using System.Configuration;

using System.Web;

using System.Web.Security;

using System.Web.UI;

using System.Web.UI.HtmlControls;

using System.Web.UI.WebControls;

using System.Web.UI.WebControls.WebParts;

using BlogEngine.Core;

using BlogEngine.Core.Web.Controls;

using System.Collections.Generic;



/// <summary>

/// Summary description for PostSecurity

/// </summary>

[Extension("Checks to see if a user can see this blog post.",

        "1.0", "<a href=\"http://www.lavablast.com\">LavaBlast.com</a>")]

public class PostSecurity

{

static protected ExtensionSettings settings = null;



public PostSecurity()

{

    Post.Serving += new EventHandler<ServingEventArgs>(Post_Serving);



    ExtensionSettings s = new ExtensionSettings("PostSecurity");



    s.AddParameter("Role", "Role", 50, true);

    s.AddParameter("Category", "Category", 50);



    // describe specific rules for entering parameters

    s.Help = "Checks to see if the user has any of those roles before    displaying the post. ";

    s.Help += "You can associate a role with a specific category. ";

    s.Help += "All posts having this category will require that the user have the role. ";

    s.Help += "A parameter with only a role without a category will enable to filter all posts to this role. ";



    s.AddValues(new string[] { "Registered", "" });



    ExtensionManager.ImportSettings(s);

    settings = ExtensionManager.GetSettings("PostSecurity");

 }



protected void Post_Serving(object sender, ServingEventArgs e)

 {

    Post post = (Post)sender;

    bool continu = false;



    MembershipUser user = Membership.GetUser();



    continu = user != null;



    if (user != null)

    {

        List<string> categories = new List<string>();

        foreach (Category cat in post.Categories)

            categories.Add(cat.Title);



        string[] r = Roles.GetRolesForUser();



        List<string> roles = new List<string>(r);



        DataTable table = settings.GetDataTable();

        foreach (DataRow row in table.Rows)

        {

            if (string.IsNullOrEmpty((string)row["Category"]))

                continu &= roles.Contains((string)row["Role"]);

            else

            {

                if (categories.Contains((string)row["Category"]))

                    continu &= roles.Contains((string)row["Role"]);

            }

        }

    }



    e.Cancel = !continu;

   }

}

Original Q&A

There are 2 answers

MunchyYDL On 12 May 2016 at 19:26

Ok, so some time ago I used BlogEngine.Net, and I'll try to help you from the top of my mind, so I'm not really sure that my answer is correct, but maybe it will give you some pointers, ok?

You should not give Members the access right to view Unpublished Posts, as this is more for editors on the site, to be able to save drafts of new Posts before publishing them for public consumption.

From what I understand (?), only your friend will be writing Posts on the blog, and therefore he should be the only one with that permission.

One thing that might work, is to give everyone permission to watch Posts, if that is required to get the first page to work (I don't really remember). Then you can override/customize the control/view that shows the Posts, and there you can check to see if the user is actually registered and decide to show the Post or a message telling them to register.

**Matt** · Accepted Answer · 2016-05-19T08:09:54+00:00

This has now been resolved. rtur from BlogEngine.Net kindly assisted with this.

using BlogEngine.Core;
using BlogEngine.Core.Web.Controls;
using System.Web;

[Extension("Secure post", "1.0", "BlogEngine.NET")]
public class SecurePost
{
   static SecurePost()
  {
    Post.Serving += Post_Serving;
}

private static void Post_Serving(object sender, ServingEventArgs e)
{
    if(e.Location == ServingLocation.SinglePost)
    {
        if (!HttpContext.Current.User.Identity.IsAuthenticated)
        {
            HttpContext.Current.Response.Redirect("~/account     /login.aspx");
        }
    }
  }
}

TechQA.

BlogEngine.NET 3.3 - Prevent anonymous users from doing certain things

There are 2 answers

Related Questions in BLOGENGINE.NET

Popular Questions

Trending Questions