Restrict AEM website acccess with a login popup | Community
Skip to main content
This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.

3 replies

HrishikeshKagne
Community Advisor
Community Advisor
June 5, 2024

Hi @pardeepg4829047 ,

To restrict access to your AEM website with a login popup, you can use AEM's built-in authentication and authorization features. Here are the high-level steps to achieve this:

1. Create a custom login page: You can create a custom login page that will be displayed when a user tries to access the website. This page can include a login form where users can enter their credentials to access the website.

2. Configure authentication: You can configure AEM's authentication handler to use your custom login page. This will ensure that users are redirected to your login page when they try to access the website.

3. Configure authorization: You can configure AEM's authorization settings to restrict access to the website. This can be done by creating a new user group and adding the users who should have access to the website to this group. You can then configure the website's permissions to only allow access to this user group.

Here are some more detailed steps to achieve this:

1. Create a custom login page:
- Create a new page in AEM that will serve as your custom login page.
- Add a login form to this page where users can enter their credentials.
- You can use AEM's built-in login components to create the login form.

2. Configure authentication:
- Open the AEM Web Console and navigate to the "Apache Sling Authentication Service" configuration.
- Set the "Login Page" property to the path of your custom login page.
- Save the configuration.

3. Configure authorization:
- Create a new user group in AEM that will have access to the website.
- Add the users who should have access to the website to this group.
- Navigate to the website's permissions settings and configure them to only allow access to the user group you created.

Once these steps are completed, users will be redirected to your custom login page when they try to access the website. They will need to enter their credentials to access the website. Bots and unauthorized users will not be able to access the website.

Hrishikesh Kagane
arunpatidar
Community Advisor
Community Advisor
June 5, 2024

Hi @pardeepg4829047 
You can disable crawling using robot.txt.

https://www.anura.io/fraud-tidbits/how-to-stop-bots-from-crawling-my-website 

 

you can add basic authentication directly on apache or CDN.

Arun Patidar
Level 3
June 5, 2024

Hi Arun,

 

Since we are using common vhost file for dev, stage and prod by using ServerAlias as *.domain.com - is there a way to apply basic authentication to only dev and stage and exclude production.

Also, can we do this through the pipeline only in AEMaaCS as we dont have seperate dispatcher running on Apache.

kautuk_sahni
Community Manager
Community Manager
June 10, 2024

@pardeepg4829047 Did you find the suggestions from users helpful? Please let us know if you require more information. Otherwise, please mark the answer as correct for posterity. If you've discovered a solution yourself, we would appreciate it if you could share it with the community. Thank you!

Kautuk Sahni