Jasinski Technical Wiki

Page History: Security Overview - Sitecore


Page Revision: Tue, Jun 12, 2012, 10:49 AM


Overview

By default, the Everyone user is granted Read access at the /sitecore root. This article outlines the fundamentals of restricting your website's pages to authorized users.

External User Setup Procedure

Sitecore Security Editor

  • Deny read access to Everyone either at /sitecore/Content or at the root folder of your site.

  • Grant read access to Everyone to public pages such as the home page, login page (if different), user registration, password recovery, and anything else a user needs access to before logging in.

Web.Config

  • Within the /configuration/sitecore/sites/site element for your site, set the loginPage attribute to the page that users should be redirected to. Set the requireLogin attribute to true only if EVERY page on the site (excluding the login page) requires the user to log in; set it to false otherwise.

  • Within /configuration/sitecore/settings/setting set Authentication.SaveRawUrl to true.

Login Page Code-Behind

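Add code to your login page to read the url query string parameter, decode it, and redirect to that URL. The value arrives with the request, so check that it points to a page on your own site before redirecting to it.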
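
An added example (not code from the original page) of one way to write this code-behind so that the redirect only follows site-relative paths. The control names UserName, Password and Message, the handler name and the "/" fallback are assumptions; the parameter name url comes from the step above.

```csharp
using System;
using System.Web;
using System.Web.UI;
using Sitecore.Security.Authentication;

public partial class Login : Page
{
    // Fallback used when "url" is missing or is not a local path (assumed value).
    private const string DefaultUrl = "/";

    // Accept only site-relative paths such as "/members/docs.aspx".
    // Rejects "http://host", "//host" and "/\host", which browsers treat as off-site.
    internal static bool IsLocalUrl(string url)
    {
        if (string.IsNullOrEmpty(url) || url[0] != '/') return false;
        if (url.Length > 1 && (url[1] == '/' || url[1] == '\\')) return false;
        foreach (char c in url)
            if (char.IsControl(c)) return false; // no CR/LF or other control characters
        return true;
    }

    // Decode the parameter, then validate the decoded value, so an encoded
    // "//host" is checked in the same form that is passed to the redirect.
    internal static string ResolveReturnUrl(string rawValue)
    {
        if (string.IsNullOrEmpty(rawValue)) return DefaultUrl;
        string decoded = HttpUtility.UrlDecode(rawValue);
        return IsLocalUrl(decoded) ? decoded : DefaultUrl;
    }

    // UserName, Password and Message are hypothetical controls declared in the .aspx markup.
    protected void LoginButton_Click(object sender, EventArgs e)
    {
        // Prefix the site's security domain, e.g. "extranet\jsmith".
        string fullName = Sitecore.Context.Domain.GetFullName(UserName.Text);
        if (!AuthenticationManager.Login(fullName, Password.Text, false))
        {
            Message.Text = "Login failed.";
            return;
        }
        Response.Redirect(ResolveReturnUrl(Request.QueryString["url"]));
    }
}
```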

Administrative User Setup Procedure

Role Manager

  • Create a new role called "sitecore\My Site Administrator".

  • Make this new role a member of the following built-in roles:
    • sitecore\Sitecore Client Users — this gives members permission to use the Sitecore admin site
    • sitecore\Sitecore Client Publishing — this gives members permission to publish content

Core Database Security Editor

  • Within the Core database, grant the new administrative role Read permission to the following items:
    • Core:/sitecore/content/Documents and Settings/All users/Start menu/Left/Content Editor — this causes the Content Editor to appear on the members' menu
    • Core:/sitecore/content/Applications/Content Editor — this grants the user the right to execute the Content Editor application

Master Database Security Editor

  • Grant the new administrative role Write permission to static content pages, like Terms of Use, Privacy Statement, Help, etc. This will give members the permission to make changes to these "documents".

  • Grant the new administrative role Create Item and Create Descendants permission to content folders that hold a document repository. This will give members permission to create new documents on the site.

Except where noted, all contents Copyright © 1999-2024, Patrick Jasinski.