Page History: Security Overview - Sitecore

Compare Page Revisions

26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0 Current 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0

« Older Revision - Back to Page History - Newer Revision »

Page Revision: Fri, May 11, 2012, 1:54 PM

Overview¶

By default the Everyone user is granted Read access at /sitecore root. This article outlines the fundamentals of securing your website's pages to authorized users.

Procedure¶

Sitecore Security Editor¶

• Deny read access to Everyone either at /sitecore/Content or at the root folder of your site.
  

• Grant read access to Everyone to public pages such as the home page, login page (if different), user registration, password recovery, and anything else a user needs access to before logging in.
  

Web.Config¶

• Within the /configuration/sitecore/sites/site for your site, set the loginPage attribute to the page to be redirected to, and set the requireLogin attribute to true.
  

• Within /configuration/sitecore/settings/setting set Authentication.SaveRawUrl to true.
  

Login Page Code-Behind¶

Add code to your login page to read the url query string parameter, decode it, and redirect to that URL.