November 5, 2010

Setting up an extranet login page in Sitecore

Filed under: Sitecore — joel.cass @ 8:30 am

Recently, I had issues with the setup of a public logon page in Sitecore. The setup was very similar to the way that login work in the Intranet solution, e.g.

1. A login.aspx page is created in the project folder
2. Settings are added to the web.config <site> tag: loginPage=”/login.aspx” + requireLogin=”true”
3. The login page either displays a form or is secured in IIS and then gets the AUTH_USER header to login users (if implmenting an AD solution)

The problem is, so it seems, that the latest version of sitecore (6.2) works differently from previous versions as documented here and here. The URL parameters item, user, and site are no longer passed. Furthermore, adding a SecurityResolver pipeline didn’t seem to work any longer.

So in 6.2, when a user cannot be authenticated to access a page, they are simply redirected to /login.aspx without any return URL or other useful information. This makes the situation even worse if you are trying to preview a page from the administration interface – basically every initial request is redirected to /login.aspx, and once authenticated the user is returned to the home page, as the original URL was lost when the user was redirected to /login.aspx.

Things seemed futile until a text search of the various config’s revealed the following setting in the web config:

            Specifies whether the original request URL is passed to the login page
            (saved in 'url' query string parameter).
            Default: false
      <setting name="Authentication.SaveRawUrl" value="false" />

Changing this setting to “true” now means that the return URL is passed through to /login.aspx as the ‘url’ querystring parameter. You’ll need to modify your login.aspx to look for this parameter and decode the parameter using Server.UrlDecode before redirecting.

This solution is simpler than the previous options available. It’s probably documented somewhere, I just never got a chance to read about it. I hope this is of help to anyone else who may be facing the same issues.


  1. How do you build your return url in your code? Can you give an example of this?

    Comment by V — March 26, 2014 @ 3:17 am

  2. You just saved me big time. Thank you!

    Comment by Cole — September 30, 2014 @ 11:01 am

RSS feed for comments on this post. TrackBack URL

Leave a comment