function readOnly(count){ }
Starting November 20, the site will be set to read-only. On December 4, 2023,
forum discussions will move to the Trailblazer Community.
+ Start a Discussion
waylonatcimwaylonatcim 

Forcing users to authenticate

I'm setting up a new site where I don't want users to see any page other than the login page unless they have been authenticated.  I'm having a little trouble figuring out how to set this up though.

 

Ideally I would like the main site page be the 'Active Site Home Page' and when a user goes to any page in my site, if they are not authenticated than they will be sent to the login page.  If they are authenticated, than they can view the page.  Is this something that I have to manually put into code or is that handled for me by the Salesforce Portal authentication?  I set the 'Active Site Home Page' to the page I want logged in users to land on and removed this page from the Visualforce Page Access settings of the public user.  This is not working, however, as the user still lands on that home page.

 

Is there something I am missing about automatic page redirection to the login page if users are not authenticated?

 

Thanks!

EIE50EIE50

Hi,

 

You need to put into code manually in your site's login controller.

 

Thanks.

waylonatcimwaylonatcim

I'm not sure exactly what you are talking about.

 

I did find a tech talk that addressed the issue as such:

 

 


 

e.g if ($User.userType == 'Guest') { ... redirect to login }  ?

You can do that if you want. The easier way there is to just not allow that user to use the page on the security settings; then it will *automatically* redirect them to login. (It does this by showing the user the Unauthenticated page template which contains a SiteLogin component, not by redirecting the user to another URL)

 


This seems to say that I can just hide the pages from the guest user and it will take them to the Unathenticated page automatically, which is great.  The problem is, I have hidden my 'Active Site Homepage' from guest users, but when I navigate to that url (as an unathenticated user) I see the page.  I don't see any data in the page, but I still see the page instead of being redirected.  Does anyone know what is causing this?  I'm sure others have had secure sites on here before.....

 

irlrobinsirlrobins

I'm trying to do something similiar and see the same issue.

 

My setup on sandbox:

Domain: mydomain.sandboxurl.force.com

Site: mydomain.sandboxurl.force.com/mysite

 

Site is set to enable login against a customer portal. I have created several Visualforce pages and allowed the Customer Portal profile to access them. I have not allowed the site public user to access any of the custom VF pages.

 

I'd like to set the landing page to my homepage VF page so I've set this as the active page. So if the user goes to mydomain.sandboxurl.force.com/mysite the homepage should load but if the user has not yet authenticated take them to the login page and from there to the homepage.

 

But what happens (similiar to waylonatcim) is that the user can view the homepage without logging in (but any links to other VF pages result in the unauthorized template showing). How can I set the homepage as the active page but not allow public user to view it??

irlrobinsirlrobins

Ok came up with a solution of sorts. Not sure how pretty it is but here it is.

 

I created a page called Refresh.page. It simply refreshes the page to the home page, which is not accessible to the public/guest user.

 

 

<apex:page showHeader="false" >meta http-equiv="REFRESH" content="0; url=/CP_Homepage" ></meta>apex:page>

 

The unauthorized page similiar redirects to the login page. I then modified the SiteLogin Controller as follows:

 

    global PageReference login() {
        String startUrl = System.currentPageReference().getParameters().get('startURL');
        startUrl = '/CP_Homepage';
        return Site.login(username, password, startUrl);
    }

 So after login the user is taken to the homepage. Not pretty, but it seems to work....

Sonali GonnadeSonali Gonnade

Hi,

 

How to set site public user access for custom visual force pages and how to allow or do not allow public access to them.

Please assist.

 

Thanks

Sonali Gonnade

irlrobinsirlrobins

1) Setup->Develop->Sites.

2) Select the site you wish to edit

3) Click on Public Access Settings

4) Add the custom VF pages you want to allow the guest access to Enabled Visualforce Page Access.

 

Any page not listed in Enabled Visualforce Page Access will require the user to be logged in.  

 

Sonali GonnadeSonali Gonnade

Thanks a lot for your quick response.

I have followed the same instuctions given by you for site VF pages access and customer profile VF pages access.

After Login with customer portal user I am still unable to access the custom VF pages and  Authentication Required page is displayed for each page.

 

Is there any other way to force customer portal user to authenticate or may be I missed some steps.

Please assist.

 

Thanks

Sonali.   

EIE50EIE50

Hi Sonali,

 

Make sure you set field level security and other required security settings in the site guest user profile. Also make sure all your VF controllers are working without exceptions ( i too got the authentication required page quite a few times, then figured out it was due to a method returning null pointer exception). Site guest user profile is for Public view (Sites). For Customer portal, you would have alloted a profile in your portal, so navigate to that profile and add all vf pages, apex classes and set all your field, object level security settings.

 

Try to get the error message if any by logging in to customer portal via, contacts--> click on any contact--> work with portal--> enable customer portal user --> Save. Navigate to this contact, click on work with customer portal, login to portal, if there are any errors you will see an error message. 

Sonali GonnadeSonali Gonnade

Hi,

 

Thank s a lot for your quick help.

I have followed the same steps also all controllers are working without exceptions.

I am still facing the same problem.  If we have not added VF pages in site setting and added in customer portal profile with all settings still authentication required page is displayed.

 

Please assist.

 

Thanks

Sonali.

TLFTLF

I think there's a way to do this through site configuration, as opposed to redirecting from you controller. If you modify the public access setting for the site to remove those pages that require authenticated access from the enabled visualforce pages list, then then guest users will be redirected to the "Authorization Required" error page. In the site configuration settings, there is an error pages section, that allows you to specify what error page you want to display for the authorization required error. You can configure this to be your login page.

TLFTLF

One issue with the method I describe in the previous post is that after logging in, you're always redirected to the site home page, rather than the page you were requesting when you got the authorization error. This is because the retURL param is not passed as a URL parameter to the login page.

irlrobinsirlrobins

This is the scenario that I'm often faced with. A user might have bookmarked a page that requires authentication. When they try to load the bookmark they are kicked out to the login screen. They then login but are taken to the default/homepage rather than the bookmarked page. It would be a better journey if SFDC recognised they had been brought to the login screen when they tried to access a page that requires authentication and return to that page after successful login.

TLFTLF

I solved this by adding an "action" method to each of the pages that require login. In the action method, I check the user type to see if it is a guest or an authenticated user. If guest, I redirect to the login page and set the retURL parameter to the page I want to return to after logging in.

irlrobinsirlrobins

Interesting.... I can see how that works...

TLFTLF

Here's a simple example of what I'm talking about:

 

<apex:page controller="MyController" standardStylesheets="false" showHeader="false" action="{!checkLogin}" title="My Page Requiring Authenticated Access">
.
.
.
</apex:page>


public class MyController {

    public PageReference checkLogin() {
        if (UserInfo.getUserType() == 'Guest') {
            PageReference loginPage = Page.MyLoginPage;
            loginPage.getParameters().put('retURL', ApexPages.currentPage().getUrl());
            loginPage.setRedirect(true);
            return loginPage;
        } else {
            return null;
        }
    }
}

 

Jesse Milburn 18Jesse Milburn 18
I know this thread is old, but I ran into a similiar issue when building up a community site. 

Apparently there is a user behind the scene called 'Community Site Guest User' with a namespace prepended to it, this user does not show up on the orgs list of Users (thanks for that). This guest user was allowed to see the page look and feel even though no data was showing, and it was only the landing page that had this happening.

I found the user by putting the user Id in my visual force page.
{!$User.Id}

Then placed that in my org url to get to the user. From there you can simply deactivate the user, and this forces a redirect to the login page. Of course this will have to be done again once we move to prod, but it beats putting in some code to check for this then do a redirect.

Not sure why this happens, I have our community set to not allow access without loging in. This is the simplest workaround that I came across.