Privatizing BlogEngine

1. Robots.txt

Edit “robots.txt” in the root of your site. You can specify which files and directories should be of no interest to web bots, based on the information here. I simply vote to keep them all out for a private blog. That doesn’t mean they’ll listen, since the file is only a request to crawlers and not an access control, but the big ones probably will and, as far as I’m concerned, if the content of your site is not in Google, Yahoo or Live search results, it does not exist for the outside world.

User-agent: *
Disallow: /

2. Privatizer

This tiny extension redirects all anonymous users trying to load a post or page to login.aspx. It is very simple but very effective. I’m thinking about adding features to this extension, like the ability to specify a custom login page, etc., but for now this will do just fine.

using System;
using BlogEngine.Core;
using BlogEngine.Core.Web.Controls;
using System.Web;

[Extension("Privatizer", "1.0", "<a href=\"http://rtur.net\">Rtur.net</a>")]
public class Privatizer
{
    public Privatizer()
    {
        // Hook the events raised when a post or a page is served.
        Post.Serving += new EventHandler<ServingEventArgs>(Serving);
        BlogEngine.Core.Page.Serving += new EventHandler<ServingEventArgs>(Serving);
    }

    void Serving(object sender, ServingEventArgs e)
    {
        // Anonymous visitors are sent to the sign-in page instead of the content.
        if (!HttpContext.Current.User.Identity.IsAuthenticated)
        {
            // signin.aspx is the custom page described in step 3;
            // use login.aspx here to keep the stock BE login page.
            string loginUrl = string.Format("{0}signin.aspx", Utils.AbsoluteWebRoot);
            HttpContext.Current.Response.Redirect(loginUrl);
        }
    }
}

3. Customizing login page

The login page in BE inherits from the BlogBasePage class, which means it uses the standard master page and appears in the browser surrounded by the usual header, footer, sidebar(s), etc. This may be OK, or maybe not, depending on your needs. If it is not exactly what you want, for example you want just a logon box to show up for anonymous users, there are at least two routes you can take: edit login.aspx or create your very own replacement. You can create “signin.aspx” and edit the Privatizer extension to use it for redirects. The second way is a bit more involved; references to login.aspx may exist in very strange places. I would go with editing login.aspx, even if it means you’ll have to remember to keep it when you migrate to a new BE version.

4. Create non-admin users

If you are looking for a members-only blog, you need to create new users (or allow them to register). BE uses a customized ASP.NET membership provider, so you can use the standard login controls for these functions. By default, there are two roles: admin and editor. Create editor accounts for the members of the blog and send invites by email or whatever way you prefer to communicate with new blog members. You may also create new roles, but for now I won’t go there.

5. Admin panel

Editors have access to some of the functions in the admin panel, like adding new posts and pages, updating categories, etc. If the default functionality does not match your needs and you want to add or remove access to the admin interface, go to /admin/pages and edit web.config. Use the “allow roles” node to change access to any tab in the admin panel. It is very straightforward: you can see from the example below that both admin and editor have access to the blog roll. As soon as you remove editor, this tab will disappear for non-admin users.

<location path="Blogroll.aspx">
  <system.web>
    <authorization>
      <allow roles="administrators, editors"/>
      <deny users="*" />
    </authorization>
  </system.web>
</location>
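
ASP.NET checks the rules inside an authorization block from top to bottom and applies the first one that matches, so the trailing deny is what actually closes a tab to everyone not listed in the allow. The Python sketch below is an added example, not code from the original post or from BlogEngine; it reports what a given role gets for each location entry, and the Settings.aspx and Example.aspx entries in its sample are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the Blogroll.aspx entry mirrors the one in the post;
# Settings.aspx and Example.aspx are hypothetical entries for illustration.
SAMPLE = """<configuration>
  <location path="Blogroll.aspx"><system.web><authorization>
    <allow roles="administrators, editors"/><deny users="*"/>
  </authorization></system.web></location>
  <location path="Settings.aspx"><system.web><authorization>
    <allow roles="administrators"/><deny users="*"/>
  </authorization></system.web></location>
  <location path="Example.aspx"><system.web><authorization>
    <allow roles="administrators"/>
  </authorization></system.web></location>
</configuration>"""

def names(value):
    """Split a comma-separated roles/users attribute into a set."""
    return {v.strip() for v in (value or "").split(",") if v.strip()}

def decide(rules, roles, authenticated=True):
    """Return the action of the first matching rule, or None if none matches."""
    # None means the decision falls through to the parent configuration.
    # Named users are not modelled, only "*" (everyone) and "?" (anonymous).
    for action, rule_roles, rule_users in rules:
        if rule_roles & roles or "*" in rule_users:
            return action
        if "?" in rule_users and not authenticated:
            return action
    return None

def audit(config_xml, role=None):
    """Map each <location path> to allow / deny / None; role=None is anonymous."""
    roles = {role} if role else set()
    report = {}
    for loc in ET.fromstring(config_xml).iter("location"):
        rules = [(r.tag, names(r.get("roles")), names(r.get("users")))
                 for r in loc.iter() if r.tag in ("allow", "deny")]
        report[loc.get("path")] = decide(rules, roles, authenticated=bool(role))
    return report

if __name__ == "__main__":
    for who in ("administrators", "editors", None):
        print(who or "anonymous", audit(SAMPLE, who))
```

A result of None for a page marks an entry with no closing deny: the allow line alone restricts nothing, and access is decided by whatever the parent configuration says.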

This work is in progress – you can leave your comments, tips, suggestions here.
