Multiple sites: making cross-site requests illegal

I have two IIS sites pointing to different physical folders. This keeps the web.config file and the files and assemblies used by each site separate. The database is configured to point to the same instance for both sites. The web.config of each site is configured to run from a different root. The structure looks like this:

  • /sitecore/content/home/default

  • /sitecore/content/home/intranet

So far so good.

Now the problem is that I can get content that does not belong to the actual site by entering its full path, like this:

http://www.default.com/sitecore/content/home/intranet.aspx

<- this should not be allowed, as www.default.com is configured with /sitecore/content/home/default as its root.

Is there a built-in mechanism to prevent this, or do I need to subclass ItemResolver to make cross-site resources illegal?

+2




2 answers


This has to do with how Sitecore resolves items; I found 3 different URLs for each item. For example, I have the following structure:

-sitecore
  -content
    -home
      -page1

I can access page1 through:

  • http://mysite/sitecore/content/home/page1.aspx

  • http://mysite/page1.aspx

  • http://mysite/home/page1.aspx

However, knowing this will not help solve your problem. The best solution I can suggest is to use security. However, if both sites need anonymous access, the question is how you control this.



I am assuming that since you have two separate web.config files you also need to separate the Sitecore configuration sections. So what we can do is create a pipeline processor that runs as part of the HTTP request begin pipeline (in the web.config file under /configuration/sitecore/pipelines/httpRequestBegin), create one for each site, and add it to the corresponding web.config. When this processor is called, it can create a virtual user that belongs to a group that restricts access to the site that the user has requested.

Below is the code that shows you how to create a virtual user:

And here is more on the pipelines:

Hope it helps :-)

+2


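The virtual-user approach the answer above describes, as an added example (this is not the answer's own code, which the page no longer shows). It is an httpRequestBegin processor that gives every anonymous visitor a virtual user carrying a site-specific role; Sitecore item security then does the actual enforcement once "Read" is denied for that role on the other site's start item. It assumes the Sitecore 6.x API (Sitecore.Kernel.dll); the role names, namespace, assembly name and the `roleName` config element are assumptions, not anything the page states.

```csharp
// Added example, not the answer's own code. Assumes Sitecore 6.x (Sitecore.Kernel.dll).
// The role names, namespace and assembly name below are hypothetical.
//
// Register one instance per site in that site's web.config, under
// /configuration/sitecore/pipelines/httpRequestBegin, BEFORE the ItemResolver entry,
// so the item lookup already runs as the virtual user:
//
//   <processor type="Example.Pipelines.SiteVisitorProcessor, Example">
//     <roleName>extranet\DefaultSiteVisitor</roleName>   (intranet site: extranet\IntranetSiteVisitor)
//   </processor>
//
// Then, in the Security Editor, deny "Read" for extranet\DefaultSiteVisitor on
// /sitecore/content/home/intranet and for extranet\IntranetSiteVisitor on
// /sitecore/content/home/default.
using Sitecore;
using Sitecore.Diagnostics;
using Sitecore.Pipelines.HttpRequest;
using Sitecore.Security.Accounts;
using Sitecore.Security.Authentication;

namespace Example.Pipelines
{
    public class SiteVisitorProcessor : HttpRequestProcessor
    {
        // Populated by Sitecore's config factory from the <roleName> child element (assumption: element name matches property name).
        public string RoleName { get; set; }

        public override void Process(HttpRequestArgs args)
        {
            Assert.ArgumentNotNull(args, "args");

            // Without a role there is nothing to scope; say so loudly instead of silently serving everything.
            if (string.IsNullOrEmpty(RoleName))
            {
                Log.Error("SiteVisitorProcessor: roleName not configured; cross-site scoping is NOT enforced", this);
                return;
            }

            // Leave real (authenticated) users alone; their own roles decide what they may read.
            if (Context.User != null && Context.User.IsAuthenticated)
            {
                return;
            }

            if (!Role.Exists(RoleName))
            {
                Log.Error("SiteVisitorProcessor: role '" + RoleName + "' does not exist", this);
                return;
            }

            // One virtual identity per site. The name is only a label; the role is what item security checks.
            string siteName = Context.Site != null ? Context.Site.Name : "unknown";
            User visitor = AuthenticationManager.BuildVirtualUser("extranet\\" + siteName + "_visitor", true);
            visitor.Roles.Add(Role.FromName(RoleName));
            AuthenticationManager.LoginVirtualUser(visitor);
        }
    }
}
```

With the read denial in place, the ItemResolver on www.default.com simply cannot see /sitecore/content/home/intranet, so a request for its full path ends the same way as a request for a path that does not exist. Two caveats: the processor must sit after the SiteResolver (so Context.Site is set) and before the ItemResolver, and the denial should be placed on the content start items only, not on /sitecore itself, or the same roles will break the editing environment.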


OK, if the intranet item (and below) is secured with Sitecore security, this shouldn't be a problem, or rather it should be impossible to access :)

If you can't deal with it via security, I would go with ItemResolver.



Greetings

0


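The ItemResolver route this answer suggests, as an added example (not the answer's own code). Rather than replacing Sitecore's ItemResolver, it is a second httpRequestBegin processor that runs directly after it and rejects any resolved item that is not the current site's start item or one of its descendants, so http://www.default.com/sitecore/content/home/intranet.aspx becomes a 404 on the default site even though the item exists in the shared database. Because the check is on the resolved item and not on the URL text, all three URL forms listed in the first answer are covered. It assumes the Sitecore 6.x API; the namespace, assembly name, site names and the `scopedSites` config element are assumptions.

```csharp
// Added example, not the answer's own code. Assumes Sitecore 6.x (Sitecore.Kernel.dll).
// The namespace, assembly name and site names below are hypothetical.
//
// web.config, under /configuration/sitecore/pipelines/httpRequestBegin, directly
// AFTER the ItemResolver entry (it needs Context.Item to be resolved already):
//
//   <processor type="Example.Pipelines.SiteScopedItemResolver, Example">
//     <scopedSites>default|intranet</scopedSites>
//   </processor>
using System;
using Sitecore;
using Sitecore.Data.Items;
using Sitecore.Diagnostics;
using Sitecore.Pipelines.HttpRequest;

namespace Example.Pipelines
{
    public class SiteScopedItemResolver : HttpRequestProcessor
    {
        // Pipe-separated allow-list of site names to scope. Sites not listed
        // (shell, login, admin, ...) are left alone so the Sitecore client keeps working.
        public string ScopedSites { get; set; }

        public override void Process(HttpRequestArgs args)
        {
            Assert.ArgumentNotNull(args, "args");

            Item item = Context.Item;
            if (item == null || Context.Site == null || Context.Database == null)
            {
                return; // nothing resolved, or not a content request; later processors decide
            }
            if (!IsScopedSite(Context.Site.Name))
            {
                return;
            }

            // StartPath is rootPath + startItem, e.g. /sitecore/content/home/default
            Item start = Context.Database.GetItem(Context.Site.StartPath);
            if (start == null)
            {
                // Fail closed: a site whose start item cannot be read must not serve arbitrary items.
                Log.Error("SiteScopedItemResolver: start item " + Context.Site.StartPath
                    + " not found for site " + Context.Site.Name, this);
                Context.Item = null;
                return;
            }

            if (item.ID == start.ID || item.Axes.IsDescendantOf(start))
            {
                return; // in scope, whichever URL form was used to reach it
            }

            Log.Warn(string.Format("Cross-site request blocked on site '{0}': {1} is outside {2}",
                Context.Site.Name, item.Paths.FullPath, Context.Site.StartPath), this);

            // Clearing the context item makes the rest of the pipeline treat the request
            // as "item not found", the same path a bogus URL takes.
            Context.Item = null;
        }

        private bool IsScopedSite(string siteName)
        {
            if (string.IsNullOrEmpty(ScopedSites))
            {
                return false;
            }
            foreach (string name in ScopedSites.Split('|'))
            {
                if (string.Equals(name.Trim(), siteName, StringComparison.OrdinalIgnoreCase))
                {
                    return true;
                }
            }
            return false;
        }
    }
}
```

The allow-list is deliberately explicit: an unlisted site is not scoped, which is safer than guessing from the site name, but it also means a newly added content site is unprotected until it is listed. If a site legitimately needs an item outside its start item reachable by full path, that item has to be whitelisted in the processor; otherwise this check blocks it too.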

