Just wanted to share a recent experience I had with a client. Basically they have a site that they’re developing in and I was working with them on something else completely different and in the middle of showing me something, he clicked the Preview button from within the content editor and suddenly, the next thing I see is that we’re at the Sitecore login page. He groaned and said something about how this always happened to them and how much they hated it. I quickly assured him that this was NOT normal and that this shouldn’t be happening. With a quick promise to find out what the problem was, I set out to do exactly that. A search of the internet didn’t turn up much, but after some more digging around, I finally happened upon another client that had the same thing happen to them. I shared the fix with my client and presto.. they were back to clicking on preview and everything worked just as expected. I’ll run through what was happening and I’m sure that there’s some .NET guru out there who can explain it better than I, but hopefully this will help someone else who might be running into this problem.
Clicking on preview or page editor from Publish tab would immediately send users to the login screen.
Clicking preview from the presentation tab would also send users to the login page.
Clicking Preview or Page Editor from Start menu would work just fine:
The site declaration required users to login:
<site name="website" requireLogin="true" loginPage="/login.aspx" virtualFolder="/" physicalFolder="/" rootPath="/sitecore/content" startItem="/Home" database="web" domain="extranet" enablePreview="true" enableWebEdit="true" />
Removing requireLogin=”true” and the login page from declaration plus enabling anon access would fix the issue.
A check of the error logs reveals nothing at all to suggest that this is a result of an error. A look at their web.config showed that they were using ASP.NET impersonation and subsequently, had disabled anonymous access. In other words, they had completely eliminated the ability for an anonymous user to view their site. As it turns out, this was the problem. Here’s why.
For Sitecore, the preview button is a way to preview how the page will look on the finished site. Since most sites are designed to be viewed by the anon user, preview functionality works in context of the extranet\Anonymous user. This user is also used for all non-authenticated requests. Basically, anything that was a non authenticated request is going to kick the person logged in to Sitecore back to the login screen as soon as a request is made using the Anon user. Things like having the ability to preview the site are crucial if your development environment is not using live mode since it would force a user to publish content just to preview how it looked on the site.
In order to make this work again, you’ll have to evaluate your needs and determine the best way for that to work for you. 2 of the clients in question had 2 very different situations that both resulted in them disabling access for the extranet\Anonymous user. How to resolve that depends on your requirements and as such, I don’t offer an easy work around for all involved. I just thought I’d share what seems like odd behavior and point out why it’s happening so that you can then figure out the best way to fix it … whether it be to just set up a new app pool to run as the identity your web services require rather than use impersonation or it may require writing your own code to allow commands to run in the context of the currently logged in user rather than the extranet\Anonymous user and then editing the /app_config/commands.config file to point to your new code. I have to admit that I’m not an expert on IIS and http requests, so if there is some magic answer here that I don’t know, I’d love to hear back on this.