+1-888-365-2779
Try Now
More in this section

Forums / General Discussions / Document Security

Document Security

4 posts, 0 answered
  1. J
    J avatar
    20 posts
    Registered:
    05 Feb 2008
    13 Nov 2008
    Link to this post
    Hi - I am working on a project in which there is a Customer Portal. There are almost a thousand customers. Once a customer logs in, they are given a list of documents but the documents are specific to a customer.
    So for example, when customer A logs in, he sees docs a1, a2, and a3
    when customer B logs he, he sees docs b1, b2, b3

    How would one configure this in Sitefinity? It almost seems like we would need to create a document library for each customer, setup a role for each customer and secure the folder (created for that customer's document) with that role. This seems pretty cumbersome and tedious.

    This has actually come up a few times now in other projects. Thoughts?
    Thanks.
  2. J
    J avatar
    20 posts
    Registered:
    05 Feb 2008
    14 Nov 2008
    Link to this post
    Any feedback here guys? Thanks.
  3. John
    John avatar
    32 posts
    Registered:
    08 Oct 2008
    14 Nov 2008
    Link to this post
    Hi,

    Sitefinity cannot restrict a user by document or even document library. It is black or white with Sitefinity; you can either see all of the document libraries with all of the documents, or see none of them at all. These permissions don't apply for the pages themselves; once you drag on a download list to a page users can see it based on page permissions.

    You'd have to make a page with a download list based on a certain category. For example, make a download list displaying all the documents with category A, then another page with a download list for category B and etc.

    Hope this helps.

    ~John
  4. Pepi
    Pepi avatar
    981 posts
    Registered:
    28 Oct 2016
    18 Nov 2008
    Link to this post
    Hi J,

    We confirm that Images & Documents module does not provide the required functionality out of the box. As a workaround you could implement your own HttpHandler that extends from Telerik.Cms.Engine.ContentHttpHandler base class and override ProcessRequest method. You need to do the following:

    1. Check if the URL of the current request contains the URL of the secured document item.
    2. In case the current user tries to access the specific document, check if he/she is authenticated and belongs to a role with permissions to view this item.
    3. If the user is not authorized, throw "Access forbidden" exception.
    4. Replace Telerik.Cms.Engine.ContentHttpHandler, Telerik.Cms.Engine type in the web.config file with the one you created.

    The provided solution will not be effective if you should manage a lot of document items in this way.

    We are sorry for the inconvenience caused.

    Kind regards,
    Pepi
    the Telerik team

    Check out Telerik Trainer, the state of the art learning tool for Telerik products.
Register for webinar
4 posts, 0 answered