+1-888-365-2779
Try Now
More in this section

Forums / Security / Page Permissions

Page Permissions

4 posts, 0 answered
  1. Scott McNeany
    Scott McNeany avatar
    44 posts
    Registered:
    09 Mar 2010
    16 May 2010
    Link to this post
    Hello, I am wanting to know more about securing certain directories by role. In normal ASP.NET, I would do this by dropping a web.config in that directory and using <deny users="*"/> <allow roles="SecureUserRole, AdminRole"/>. However, in Sitefinity this seem possible since pages and directories are dynamically generated.

    I did read the page at http://www.sitefinity.com/help/developer-manual/security-page-permissions.html that says to set the "Anonymous Access" property on a page/directory and it will be inherited by sub-pages and sub-directories. That is wonderful. However, I'm looking for a way to allow/deny SPECIFIC ROLES, not just allow any authenticated user. How would this be done?

    Also, my membership currently lies in the aspnet_membership tables for site users. Is there anything different with Sitefinity that I should keep in mind when dealing with the aspnet_membersip users and roles? Any gotchas or anything?

    Thanks as always for your help!

    Scott McNeany 
  2. Ivan Dimitrov
    Ivan Dimitrov avatar
    16072 posts
    Registered:
    25 Nov 2016
    16 May 2010
    Link to this post
    Hello Scott McNeany,

    However, I'm looking for a way to allow/deny SPECIFIC ROLES, not just allow any authenticated user. How would this be done?

    If the user is not authenticated you cannot know the role. Membership, Role and Profile providers works with authenticated users and principals.

    All the best,
    Ivan Dimitrov
    the Telerik team

    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items.
  3. Scott McNeany
    Scott McNeany avatar
    44 posts
    Registered:
    09 Mar 2010
    16 May 2010
    Link to this post
    Ivan,

    I know the user must be authenticated before checking the role. My question is, can I set up Sitefinity directories to only allow certain roles? Such as, restricting a directory called "Auth" to only users in my custom aspnet_role "AuthenticatedUsers"?

    The only option i see in Sitefinity is to deny anonymous access. This only gets me part of the way there.

    Thank you,

    Scott
  4. Ivan Dimitrov
    Ivan Dimitrov avatar
    16072 posts
    Registered:
    25 Nov 2016
    17 May 2010
    Link to this post
    Hi Scott McNeany,

    The options are

    • anonymous access - set to deny
    • creating custom HttpModule or HttpHandler.

    Best wishes,
    Ivan Dimitrov
    the Telerik team

    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items.
Register for webinar
4 posts, 0 answered