
Programming Security: Overview

by User Not Found

[This article is part of the documentation preview for the Programming Security section of the Developer manual. You can view the temporary TOC here]

In Sitefinity terms, Programming Security does not mean building a web application that is immune to hackers. Rather, it means that some users have limited rights over what they can do in a given module.

For starters, you should refresh your memory about Security in Sitefinity. In a nutshell: users belong to groups (roles), and roles are granted or denied permissions to do basic operations.

What should the end result of a secured module look like? Well, it depends on you, the developer. You could do any of the following:

  • Hide parts of the user interface if a user is not granted certain permissions
    For an example of this approach, try the following: create a new user that has only the CmsAccess permission and log in with that user's credentials.
  • Apply a different style to commands in the UI that a user is not granted permission to execute
  • Display error messages

In Sitefinity, we call modules that provide security "Secured modules". Actually, we call every object that implements some kind of security a "secured [insert name here]". With that cleared up, a secured module needs the following things:
  • First and foremost, a SecurityRoot
  • One or more permission classes
  • Code in the module that uses the custom permission classes to tell whether a user is granted permission to perform a task
  • Registration of the security root(s) in the module class

If you want to see an example of how to implement a secured module, you can take a look at the sample Contacts pluggable module.
