RTUR.NET

.NET and Open Source: better together

NAVIGATION - SEARCH

Password protect posts and pages in BlogEngine

MB_0024_LOCKSometimes you might want to protect individual posts or pages with a password so that only users you sent password to can access this resource. Not exactly wide-spread scenario, which explains why it is not currently supported by BlogEngine. But when you need it you need it, and this extension should cover the basics.

Installing and using extension

You can download extension from the gallery and install it following general instructions. To use, when creating or updating post or page add this anywhere inside body: [ password:mypassword ]. There is no gaps inside square brackets, and you’ll use your own password instead of “mypassowrd”.

Password protect posts

The way it works for posts, it only protects single post, or post details, the one with comment form on it. So you would need to use it with [ more ] tag to only show a teaser or whatever best in your case. Then when someone clicks “more” extension will redirect to the page where user can enter password.

image

Password protect pages

For pages it is easier as they not listed and page menu goes directly to the page which is protected. One thing to remember is that most likely you want to uncheck “show in list” for protected pages, so they won’t even show up in the menu in the first place. Then of cause you need to provide link to the page along with password to authorized user(s).

image

For authenticated users only?

Also, if you wish authenticated users only were able to access the page, replace code in ~/App_Code/Extensions/PasswordProtect.cs with code below and use [ authenticated ] instead of [ password:thepassword ] when create/update post or page.

namespace App_Code.Extensions
{
    using System;
    using BlogEngine.Core;
    using BlogEngine.Core.Web.Controls;
    using System.Web;

    [Extension("Password protect posts and pages.", "1.0", "<a href=\"http://rtur.net/blog\">rtur.net</a>")]
    public class PasswordProtected
    {
        public PasswordProtected()
        {
            Post.Serving += Serving;
            BlogEngine.Core.Page.Serving += Serving;
        }

        private static void Serving(object sender, ServingEventArgs e)
        {
            if (e.Location == ServingLocation.SinglePost || e.Location == ServingLocation.SinglePage)
            {
                if(e.Body.Contains("[authenticated]"))
                {
                    e.Body = e.Body.Replace("[authenticated]", "");
                    if (!HttpContext.Current.User.Identity.IsAuthenticated)
                    {
                        HttpContext.Current.Response.Redirect(string.Format("{0}Account/login.aspx", Utils.RelativeWebRoot));
                    }
                }
            }
        }
    }
}

Download Password Protect

Comments (6) -

Can this be modified to allow logged in users to view the page instead of having one password?  Thank you

Just added section for authenticated users.

Thank you so much for doing this, I really appreciate your help.  This extension will be put to good use.

Well I found a little bug in this solution.
The password shows up in the search results if you search the article (posts) on his tags.

I only tested this on the posts and not on the pages..






Are you using latest development build? That probably because we added new event handler recently for search and extension does no account for it. (http://blogengine.codeplex.com/SourceControl/changeset/changes/c09dd1ab12b7). It is an easy fix, but it could effect other existing extensions as well... Even small application like BlogEngine has a lot of legacy to carry along :)
Thanks for bringing this up, I'll see what is the best way to handle it and apply fix to the package.

That's great way for entries security

Comments are closed