Developer forum

Forum » Development » Prevent user login if not allowed on website

Prevent user login if not allowed on website

E-mail notifications
Marie Louise Veigert
Reply
Posted on 02/08/2023 09:09:16

Hi,
We have a customer with a solution with many webshops on.
We seperate users in different usergroups in import. The users should only be allowed to login on their allocated site.

I've made restrictions with the permission matrix, so the user groups not allowed is added with permission 'none' on the 'My Account' page. 
I use this page with a 'NavigationTag' to check whether the user have access.


I have also made a Notification Subscriber 'OnBeforeExtranetLogin' which check wether the user have permissions from the page mentioned above.

The issue is that it goes into endless loop. It seems like I cannot prevent DW from logging the user in and DW then tries to redirect to many times.

Can I prevent DW from logging the user in with the Notification Subscriber? Or maybe force logoff ?


Replies

 
Marie Louise Veigert
Posted on 02/08/2023 14:05:56
Reply

Update if anyone else needs something similair:

I ended up using this codeline:

Dynamicweb.Frontend.LogOnHandler.LogOff();

But needed to use the OnExtranetLogin NotificationSubscriber instead of OnBeforeExtranetLogin because otherwise I couldn't check permissions with the following:

var myaccountPage = Dynamicweb.Content.Services.Pages.GetPageByNavigationTag(currentPage.AreaId, "MyAccount");
var allowed = SecurityHandler.IsCurrentUserAllowed(myaccountPage);        

 

You must be logged in to post in the forum