creating a page wtih no access right required?


Hi Everyone,

Regarding to creating a page

"DataFactory.Instance.Save(targetPage, EPiServer.DataAccess.SaveAction.Publish);"  does it but you have to log in as an episerver user which belongs to a group that has the right to create a page right?

In my case, I need that an end use should be able to create a page when he's not in any user group, how to do that? something like

DataFactory.Instance.Save(myPage, EPiServer.DataAccess.SaveAction.ForceCurrentVersion, EPiServer.Security.AccessLevel.NoAccess);  ?

that doesn't work for me.  Any1 could tell me how to do this?

Many thx.

Feb 08, 2010 16:50


I noticed in your code sample that you are supplying the enum value "ForceCurrentVersion" instead of "Publish" when saving with the additional AccessLevel parameter. Might this be the cause of your problem? If you want to force the current version you should bitwise add these two enum values.

Linus Ekström
EPiServer Development Team

Feb 08, 2010 17:28

Hi Linus,

Hm, I don't think so, or I'm not sure, I'll try something then. But first of all, is it possible for an end user without login to create a page?

Feb 08, 2010 18:27


You can't do a ForceCurrentVersion on a new page(learned that the hard way  ;-)), you have to handle that yourself.
And you have to use ForeCurrentVersion with for instance Publish.


Feb 08, 2010 19:39

And you can create a new page without being logged in.

Feb 08, 2010 19:50

Thank you guys, it works now. Darn it, how obvious (:  I was slow -.-'

Feb 09, 2010 10:07

D'oh, A follow-up question to this thread.

Now I need the end user to upload a photo together with the page he created, and I got an error says Not authorized to access /pagefiles/blablabla

Anywho, is it possible for an none logged-in user to upload a pic together with the page he's going to create? if so, how?

Feb 09, 2010 11:02

you need to do a ByPassAccessCheck on the VPP when uploading files from an anonymous user.


Feb 09, 2010 11:04
Feb 09, 2010 11:30

Sorry for the spam, I still got problem with this. I did 'pageRootDirectory.BypassAccessCheck = true;' it seemed to be ok, then problems come to the Upload file function,  which calls a 'GetUnifiedDirectory' to get the directory, the problem happens to this line

'UnifiedDirectory directory = HostingEnvironment.VirtualPathProvider.GetDirectory(path) as UnifiedDirectory;' it says not authorized.

The whole process looks like this :

string virtualPathFromFolderId = VirtualPathUtilityEx.Combine(pageDirectoryRootVirtualPath, VirtualPathUtility.AppendTrailingSlash(folderId.ToString()));
UnifiedDirectory pageDirectory = HostingEnvironment.VirtualPathProvider.GetDirectory(virtualPathFromFolderId) as UnifiedDirectory;

if (pageDirectory == null)
                            pageRootDirectory.BypassAccessCheck = true;                
pageDirectory = pageRootDirectory.CreateSubdirectory(folderId.ToString(), myPage);

UploadFile(uploadFile.FileContent, uploadFile.FileName, virtualPathFromFolderId);

protected void UploadFile(Stream fileContent, string filePath, string destination)
            UnifiedDirectory dir = GetUnifiedDirectory(destination);
            UnifiedFile uFile = dir.CreateFile(filePath);
            Stream s = uFile.Open(FileMode.CreateNew);
            StreamConsumer.CopyToEnd(fileContent, s);

protected UnifiedDirectory GetUnifiedDirectory(string path)
            UnifiedDirectory directory = HostingEnvironment.VirtualPathProvider.GetDirectory(path) as UnifiedDirectory;
            if (directory == null)
                throw new ArgumentException("Given path is not a Unified Directory");
            return directory;

  Any1 can see what my problem is?


Many thx!

Feb 09, 2010 12:46

Are you sure that the user running your IIS/Worker thread has change acces to the VPP?
If it's 2003 server that user is probably "Network Service"


Feb 09, 2010 12:52

It's is actually 2003, does it mean I have to actually change the vpp folder's property? We have other EPiServer sites as well.

The code works when I logged in as an EPiServer user, it does everything correctly, it only break when I do it anonymously.

So, do u suggest me to change the VPP folder property? I really dont want to do that tho >.<

Feb 09, 2010 13:50

Hi you all!

I'm having a strange problem when programatically creating a page as anonymous user. As I save the page with the following line:
DataFactory.Instance.Save(newPage, EPiServer.DataAccess.SaveAction.Publish, EPiServer.Security.AccessLevel.NoAccess);
I get an error saying: Procedure or function 'netPageCreate' expects parameter '@UserName', which was not supplied.

The code i use works flawless on another site. Any ideas? I'm using EPi CMS 5.2.375.133.

Mar 24, 2010 15:37

Nevermind, found a solution. Had to add the following lines to OnCreatingPage-event in Global.asax:

if (!EPiServer.Security.PrincipalInfo.CurrentPrincipal.Identity.IsAuthenticated)
                EPiServer.Security.PrincipalInfo.CurrentPrincipal = EPiServer.Security.PrincipalInfo.AnonymousPrincipal;

Mar 25, 2010 15:12
This thread is locked and should be used for reference only. Please use the Episerver CMS 7 and earlier versions forum to open new discussions.