Sitefinity CMS can automatically demand permissions, provided that your code gives a little help in the process. This topic will give you a high-level overview of the things one must do to have security working. Details will be given in subsequent topics.
Here is a short algorith describing the steps that you have to undertake in order to have a secured module:
Decide which data items (model items) to secure and what security actions to perform on them.
Choose from the built-in permission sets or create new to suit your needs.
Decide on the permissions inheritance, if you are going to use granular permissions.
Implement ISecuredObject on your secured model classes.
Make your providers to initialize the security root
Secure provider methods with attributes
If you are not using OpenAccess, implement security hooks in your provider decorator.
Make your queries hide elements that do not have the view permission.
NOTE: Although Sitefinity CMS will demand for permissions and filter viewable items for you if you follow the steps, you should be aware of the DataProviderBase.SuppressSecurityChecksproperty. It is not directly accessible through the manager, but it is still accessible through the active provider. If set to true, all security checks/demands/filtering will be off. You should respect this setting when implementing your own secured module. Sitefinity CMS turns off security during project installation, so if you don't respect this setting, Sitefinity CMS will fail to install.
Increase your Sitefinity skills by signing up for our free trainings. Get Sitefinity-certified at Progress Education Community to boost your credentials.
The free standalone Web Security lesson teaches administrators how to protect your websites and Sitefinity instance from external threats. Learn to configure HTTPS, SSL, allow lists for trusted sites, and cookie security, among others.
The free on-demand video course teaches developers how to use Sitefinity .NET Core and leverage its decoupled architecture and new way of coding against the platform.
To submit feedback, please update your cookie settings and allow the usage of Functional cookies.
Your feedback about this content is important