Security is one of the most important non-functional features of any web application, and of a Sitefinity application in particular. As a CMS, Sitefinity implements security based on the ASP.NET model. The main goal behind this decision is that ASP.NET developers should feel comfortable when working with the Sitefinity security API. This section of the Developers Guide covers all aspects of working with the Sitefinity Security API and provides information on how to integrate its different parts.
Security in Sitefinity can be divided into several subtopics:
- User Storage and Management
This section will cover what user accounts are and how they are used in Sitefinity. Sitefinity stores information about users in its own database, and the section explains how you can gain access to this account information.
- Role Storage and Management
This section will cover what roles are, how they relate to users, and how they are stored in Sitefinity. It will also explain the Roles API that you can use to programmatically gain access to the roles in Sitefinity.
- Authentication
Authentication is how Sitefinity identifies which user is currently browsing the site (both frontend and backend). There are many modes of authentication, and you can use different ones, depending on the needs of your application. This section will cover how you can use the API to log into the system on behalf of a user, how to get information for the authenticated user, and similar tasks.
- Authorization
Authorization is about what each user in Sitefinity can do after being authenticated. This section will explore the Permissions API, how to define and enforce access rights for certain types of content, how to check for permissions and add new ones.
- Implementing custom security
Sitefinity is a system with a focus on extensibility. You can develop your own custom modules and widgets, and in more complicated scenarios, you would also need to provide them with the same security capabilities as built-in Sitefinity modules. You can implement your own classes to support permissions, access control and configuration for your module. This section covers the security needs of all those custom development scenarios.
Each of the above subsections will be covered in detail in its own topics and subtopics, including a list of the API methods available for the particular security scenarios. For information on administering security in Sitefinity, please refer to Authentication and Single Sign-On and Users, Roles and Permissions in the Sitefinity Installation and Administration Guide.