Protecting InstantForum


InstantForum Question
Hi, I've got the forum set up in a Forum folder. I'd like the whole forum protected by default. ie. nothing shows until logged in. What changes can I make to web.config, either in my Forum folder or root folder.
Edited
4 Years Ago by jules_winona
InstantForum Question

Hi Jules,

Thanks for your post and welcome to our forums. We've seen this question quite often and thankfully this is quite straight-forward. There are a couple of options which I've highlighted below. I'd suggest using both options together for the greatest control. 

Hide All Forums From Anonymous Users

You can control which forums are visible to "Anonymous" users or users who are not logged in. To ensure your forums are not visible to users who are not logged in simply ensure your forum categories are not associated with the built-in "Anonymous / Guest" member group. 

Only forums and categories associated with the built-in "Anonymous / Guest" member group will be visible to users who are not logged in. 

You can read more on how our role based security works here.

Redirect All Anonymous Requests to Login Page

To require everyone to login or create an account before they can see your forum I would suggest using <authorization> tags within your InstantForum web.config. This will restrict access to every page within InstantForum aside from the registration & login pages for users who are not authenticated.

 You will need to open your InstantForum web.config file within NotePad and add the following elements to restrict access. 

<!-- Only allow access for member groups listed below -->
<location path="">
<system.web>
<authorization>
<allow roles="Administrators,Forum+Members,Moderators,Awaiting+Activation" />
<deny users="*" />
</authorization>
</system.web>
</location>
<!-- Allow access for anonymous users only to login & register pages -->
<location path="Register.aspx">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
<location path="CaptchaImage.aspx">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
<location path="ConfirmationMessage.aspx">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
<location path="Logout.aspx">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
<location path="Logon.aspx">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
<location path="skins">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
<location path="js">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>

Place this code just below the existing </System.Web> tag within the InstantForum web.config. With these elements in place any request to a restricted page will redirect the user to the LoginURL set within the authentication / forms element also within the InstantForum web.config file. 

Does this help you achieve what you need Jules. Please don't hesitate to respond if I can assist further, 

http://www.instantasp.co.uk/images/line.gif
Kindest Regards,

Ryan Healey



ryan@instantasp.co.uk
www.instantasp.co.uk
Blog | Community | Docs

http://www.instantasp.co.uk/core/assets/images/email/facebook.png http://www.instantasp.co.uk/core/assets/images/email/twitter.png http://www.instantasp.co.uk/core/assets/images/email/google.png http://www.instantasp.co.uk/core/assets/images/email/linkedin.png

Hi Ryan, excellent - that works great.
GO

Login
Existing Account
Email Address:


Password:


Social Logins

Select a Forum....







InstantASP Forums


Search