Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

We're retiring the forums!

The SilverStripe forums have passed their heyday. They'll stick around, but will be read only. We'd encourage you to get involved in the community via the following channels instead:

Customising the CMS /

Moderators: martimiz, Sean, Ed, biapar, Willr, Ingo, swaiba

[SOLVED] Different Login/Authenticator for Site/CMS

Go to End

2 Posts   1404 Views

Dave L

Community Member, 60 Posts

1 October 2009 at 12:03pm

Edited: 03/10/2009 12:59pm


The site I'm working on has a different authentication model for web users. However, it's not secure enough for admin so I disabled admin access using this method use the main authentication for admin. Is there any way to show my CustomAuthenticator when requesting access to the website, but normal MemberAuthenticator when requesting access to the CMS?

I've got as far as showing both when anonymous users are trying to access secure pages. However, I don't want web users to see the admin authentication. When I unregister MemberAuthenticator, admins have no access method.

I've tried unregistering MemberAuthenticator and calling MemberLoginForm independently, but when login fails it sends you to Security/login and the site Login (not the independent CMS login).

Ideally, I'd like some way to unregister MemberAuthenticator when Director::siteMode() = 'site' (requesting site), and register it when Director::siteMode() = 'cms' (requesting cms)

Dave L

Community Member, 60 Posts

3 October 2009 at 12:59pm

Edited: 03/10/2009 1:00pm


1. Disable MemberAuthenticator, so only customer login shows on normal /Security/login requests



2. Create rule to have a new CMS entry point (in this case "/manager" ), in reality this is just a pointer to the standard MemberAuthenticator, now disabled for all standard security login requests.


Director::addRules(100, array('manager' => 'AdminLogin_Controller',)); 

3. Create a new controller to handle this entry point, ensure any bad logins get redirected back to it.

class AdminLogin_Controller extends Page_Controller {

    function init() {
        Session::set('BadLoginURL', '/manager'); parent::init();

    function Form() {
        return new MemberLoginForm?($this, "LoginForm");

    function Title() {
        return "Admin Log in";