Programming Security: Overview

Programming Security: Overview

April 24, 2009 0 Comments

The content you're reading is getting on in years
This post is on the older side and its content may be out of date.
Be sure to visit our blogs homepage for our latest news, updates and information.

[This article is part of the documentation preview for the Programming Security section of the Developer manual. You can view the temporary TOC here]

In Sitefinity terms, Programming Security does not mean building a web application that is immune to hackers. Here, rather, we mean that some users can be have limited rights about what they can do for a given module.

For starters, you should refresh your memory about Security in Sitefinity. In a nutshell: users belong to groups (roles), and roles are granted or denied permissions to do basic operations.

What should the end result of a secured module look like? Well, it depends on you, the developer. You could do either of the following

  • Hide parts of the user interface if a user is not granted certain permissions
    For example of this approach, try the following: create a new user that has only CmsAccess permission and log in with his/her credentials.
  • Apply different style to commands in UI that a user is not granted permission to execute
  • Display error messages
In Sitefinity, we call modules that provide security "Secured modules". Actually, we call every object that implements some kind of security a "secured [insert name here]". That being cleared, a secured module needs the following things:
  • First and foremost, it needs SecurityRoot
  • One or more permission classes
  • Use custom permission classes in module to tell if a user is granted permission to perform a task
  • Register security root(s) in the module class
If you want to see an example of how to implement a secured module, you can take a look at the sample Contacts pluggable module.

The Progress Team

View all posts from The Progress Team on the Progress blog. Connect with us about all things application development and deployment, data integration and digital business.

Comments are disabled in preview mode.
Latest Stories
in Your Inbox

Subscribe to get all the news, info and tutorials you need to build better business apps and sites

More From Progress
ProgressNEXT: Premier Event for Modern Application Development
Read More
Seven Reasons to Check Out Sitefinity 11.1
Read More
Getting Started with Your Omnichannel Content Strategy
Read More