EPiserver multi-site configuration with multiple login pages

  • Sep 09, 2015
  • EPiServer
  • Authentication
  • | 0 Comments

Standard EPiServer is using Forms Authentication for the authentication of users. A downside of this authentication type is that only one login URL can be configured in the web.config. I ran into this problem when developing a multi-site configuration with EPiServer, each site had his own start and login page type.

For this example I configured two sites in EPiServer, SiteA and SiteB. This is how the page tree looks like:

The ‘Secured page’ can only be accessed by authenticated users. So the problem with this example is that each site has is own login page. As mentioned before only one login URL can be configured in the web.config. The way I solved this problem is by adding a http module that’s detecting a request URL including a ‘ReturnUrl’ query string name. The http module will redirect the user to the login page according the current visiting site.

var application = (HttpApplication)source;
     
    var context = application.Context;
     
     
    if (!string.IsNullOrEmpty(context.Request.QueryString["ReturnUrl"])) // User is being redirected so make sure the right login page is loaded
    {
        var contentLoader = ServiceLocator.Current.GetInstance<IContentLoader>();
        var pageRouteHelper = ServiceLocator.Current.GetInstance<PageRouteHelper>();
        var urlResolver = ServiceLocator.Current.GetInstance<UrlResolver>();
     
     
        if (!ContentReference.IsNullOrEmpty(ContentReference.StartPage))
        {
            var startPage = contentLoader.Get<PageData>(ContentReference.StartPage);
     
            if (startPage != null && startPage is IStartPageWithLoginPageReference)
            {
                var startPageWithLoginReference = (IStartPageWithLoginPageReference) startPage;
     
                if (!ContentReference.IsNullOrEmpty(startPageWithLoginReference.LoginPage) &&
     
                    startPageWithLoginReference.LoginPage.ID != pageRouteHelper.PageLink.ID)
     
                    // Check if user isn't already on the login page so an infinite redirect loop is prevented
                {
     
                    var url = new UrlBuilder(urlResolver.GetUrl(startPageWithLoginReference.LoginPage));
     
                    url.QueryCollection.Add("ReturnUrl", context.Request.QueryString["ReturnUrl"]);
     
                    context.Response.Redirect(url.ToString());
     
                }
            }
        }
    }

So the above http module checks if the requested URL includes a ‘ReturnUrl’ query string name. If this is true then the start page type is loaded of the current site. Both of my sites have a start page type that implements the interface IStartPageWithLoginPageReference.

public interface IStartPageWithLoginPageReference
    {
        ContentReference LoginPage { get; set; }
    }

This interface has a reference to the login page for each site. So the only thing that needs to be done is redirecting the user to the login page URL including a ‘ReturnUrl’ query string.

You can find the full source on my GitHub account.

Comments