Editor Hack: Add simple password protection to some content (code free)

blog header image

As much as I love coding, sometimes a quick editorial solution can be needed to solve a pressing market need without time for development, test and deployment. This was one of those times.

A client came to me with an urgent need to make some content on their website available only to visitors that knew a 'secret password'.

Typical use case for something like this could be that you want to make slides available on your website to an audience that has attended a webinar or in some other way have been given the password. 

In this particular case, it was so urgent that we wouldn't have time to go through a development/test/deployment cycle - and there was no need for this to be completely hacker-proof. I found it to be a fun challenge - and I'll describe the solution here in case it can benefit others.

An obvious choice could of course have been to simply change access rights of the page with the 'secret' content, so Everyone did not have read access - but this would require that the site already have a membership/authentication/user system in place, which it didn't.

We could also do something with VirtualRoles - but that would require configuration and probably also code changes so that wasn't ideal either.

Eventually I came up with this approach:


Create a page with an episerver form to enter a password. Then define a visitor group to match visitors that entered the required password in that form, and finally setup another page (connected to the form so it's shown after submit) that uses personalization to show the secret content to visitors with the correct password - and a "wrong password" message to everybody else. Simple, right?

Luckily the site already had the Forms Samples (https://github.com/episerver/EPiServer.Forms.Samples) installed that include a criterion to check for submitted form values :-)

Check out the full video here.

Recent posts