I use this extension. Just save the file as RequireLogin.cs in your App_Code\Extensions folder and make sure the extension is activated.

我使用这个扩展。只需将文件保存为 App_Code\Extensions 文件夹中的 RequireLogin.cs 并确保扩展程序已激活。

using System;

using System.Data;

using System.Configuration;

using System.Web;

using System.Web.Security;

using System.Web.UI;

using System.Web.UI.HtmlControls;

using System.Web.UI.WebControls;

using System.Web.UI.WebControls.WebParts;

using BlogEngine.Core;

using BlogEngine.Core.Web.Controls;

using System.Collections.Generic;



/// <summary>

/// Summary description for PostSecurity

/// </summary>

[Extension("Checks to see if a user can see this blog post.",

            "1.0", "<a href=\"http://www.lavablast.com\">LavaBlast.com</a>")]

public class RequireLogin
{

    static protected ExtensionSettings settings = null;



    public RequireLogin()
    {

        Post.Serving += new EventHandler<ServingEventArgs>(Post_Serving);



        ExtensionSettings s = new ExtensionSettings("RequireLogin");

        // describe specific rules for entering parameters

        s.Help = "Checks to see if the user has any of those roles before displaying the post. ";

        s.Help += "You can associate a role with a specific category. ";

        s.Help += "All posts having this category will require that the user have the role. ";

        s.Help += "A parameter with only a role without a category will enable to filter all posts to this role. ";

        ExtensionManager.ImportSettings(s);

        settings = ExtensionManager.GetSettings("PostSecurity");

    }



    protected void Post_Serving(object sender, ServingEventArgs e)
    {
        MembershipUser user = Membership.GetUser();
        if(HttpContext.Current.Request.RawUrl.Contains("syndication.axd"))
        {
            return;
        }

        if (user == null)
        {
            HttpContext.Current.Response.Redirect("~/Login.aspx");
        }
    }
}

I would think it's possible to do this in the web config file by doing something like the following:

我认为可以通过执行以下操作在 Web 配置文件中执行此操作：

<system.web>
    <authorization>
      <allow roles="Admin" />
      <deny users="*" />
    </authorization>
</system.web>

lomaxx's answer didn't work, so I decided to avoid making blogengine.net perform auth for readers.

lomaxx 的回答没有用，所以我决定避免让 blogengine.net 为读者执行身份验证。

on iis, i disabled anonymous access and added a guest users to the win2k3 user list.

在 iis 上，我禁用了匿名访问并将来宾用户添加到 win2k3 用户列表中。

We created a simple tool that gives certain users access to certain posts according to their ASP.NET Membership Roles to acheive a somewhat similar result.

我们创建了一个简单的工具，允许某些用户根据他们的 ASP.NET 成员角色访问某些帖子，以实现类似的结果。

http://blog.lavablast.com/post/2008/08/BlogEnginenet-Post-Security.aspx

http://blog.lavablast.com/post/2008/08/BlogEnginenet-Post-Security.aspx

From: BlogEngine.NET 2.5 - Private Blogs

来自：BlogEngine.NET 2.5 - 私人博客

If you go into the control panel, Users tab, Roles sub-tab (right side), for "Anonymous" on the right-side Tools area, hover over that and select "Rights".

如果您进入控制面板，用户选项卡，角色子选项卡（右侧），对于右侧工具区域的“匿名”，请将鼠标悬停在其上并选择“权限”。

You are now on the Rights page for the Anonymous role. Uncheck everything, in particular "View Public Posts". HOWEVER, you do need to keep at least one item checked, otherwise everything reverts back to the default. For example, you could keep "View Ratings on Posts" checked. Then Save.

您现在位于匿名角色的权限页面。取消选中所有内容，尤其是“查看公开帖子”。但是，您确实需要至少选中一项，否则一切都会恢复为默认值。例如，您可以保持选中“查看帖子评分”。然后保存。

Then anyone who is not logged in should automatically be redirected to the Login page no matter where what page they try to enter the site at.

然后，任何未登录的人都应自动重定向到登录页面，无论他们尝试在哪个页面进入站点。