Jasinski Technical Wiki

Navigation

Home Page
Index
All Pages

Quick Search
»
Advanced Search »

Contributor Links

Create a new Page
Administration
File Management
Login/Logout
Your Profile

Other Wiki Sections

Software

PoweredBy

Page History: Security Overview - Sitecore

Compare Page Revisions



« Older Revision - Back to Page History - Newer Revision »


Page Revision: Tue, Jun 12, 2012, 10:41 AM


Overview

By default the Everyone user is granted Read access at /sitecore root. This article outlines the fundamentals of securing your website's pages to authorized users.

Procedure

Sitecore Security Editor

  • Deny read access to Everyone either at /sitecore/Content or at the root folder of your site.

  • Grant read access to Everyone to public pages such as the home page, login page (if different), user registration, password recovery, and anything else a user needs access to before logging in.

Web.Config

  • Within the /configuration/sitecore/sites/site for your site, set the loginPage attribute to the page to be redirected to, and set the requireLogin attribute to true only if EVERY page on the site (excluding the login page) will require the user to login. Set it to false otherwise.

  • Within /configuration/sitecore/settings/setting set Authentication.SaveRawUrl to true.

Login Page Code-Behind

Add code to your login page to read the url query string parameter, decode it, and redirect to that URL.

ScrewTurn Wiki version 3.0.1.400. Some of the icons created by FamFamFam. Except where noted, all contents Copyright © 1999-2024, Patrick Jasinski.