Programming Security: Overview


April 24, 2009


[This article is part of the documentation preview for the Programming Security section of the Developer manual. You can view the temporary TOC here]

In Sitefinity terms, Programming Security does not mean building a web application that is immune to hackers. Rather, we mean that some users can have limited rights regarding what they can do in a given module.

For starters, you should refresh your memory about Security in Sitefinity. In a nutshell: users belong to groups (roles), and roles are granted or denied permissions to do basic operations.

What should the end result of a secured module look like? Well, it depends on you, the developer. You could do any of the following:

  • Hide parts of the user interface if a user is not granted certain permissions
    For an example of this approach, try the following: create a new user that has only CmsAccess permission and log in with his/her credentials.
  • Apply a different style to commands in the UI that a user is not granted permission to execute
  • Display error messages

In Sitefinity, we call modules that provide security "Secured modules". Actually, we call every object that implements some kind of security a "secured [insert name here]". With that cleared up, a secured module needs the following things:
  • First and foremost, a SecurityRoot
  • One or more permission classes
  • Code in the module that uses the custom permission classes to tell if a user is granted permission to perform a task
  • Registration of the security root(s) in the module class

If you want to see an example of how to implement a secured module, you can take a look at the sample Contacts pluggable module.

The Progress Guys
