Implement security

Sitefinity CMS can automatically demand permissions, provided that your code gives a little help in the process. This topic will give you a high-level overview of the things one must do to have security working. Details will be given in subsequent topics.

Here is a short algorith describing the steps that you have to undertake in order to have a secured module:

  • Decide which data items (model items) to secure and what security actions to perform on them.

  • Choose from the built-in permission sets or create new to suit your needs.

  • Decide on the permissions inheritance, if you are going to use granular permissions.

  • Implement ISecuredObject on your secured model classes.

  • Make your providers to initialize the security root

  • Secure provider methods with attributes

  • If you are not using OpenAccess, implement security hooks in your provider decorator.

  • Make your queries hide elements that do not have the view permission.

NOTE: Although Sitefinity CMS will demand for permissions and filter viewable items for you if you follow the steps, you should be aware of the DataProviderBase.SuppressSecurityChecksproperty. It is not directly accessible through the manager, but it is still accessible through the active provider. If set to true, all security checks/demands/filtering will be off. You should respect this setting when implementing your own secured module. Sitefinity CMS turns off security during project installation, so if you don't respect this setting, Sitefinity CMS will fail to install.

Increase your Sitefinity skills by signing up for our free trainings. Get Sitefinity-certified at Progress Education Community to boost your credentials.

Get started with Integration Hub | Sitefinity Cloud | Sitefinity SaaS

This free lesson teaches administrators, marketers, and other business professionals how to use the Integration hub service to create automated workflows between Sitefinity and other business systems.

Web Security for Sitefinity Administrators

This free lesson teaches administrators the basics about protecting yor Sitefinity instance and its sites from external threats. Configure HTTPS, SSL, allow lists for trusted sites, and cookie security, among others.

Foundations of Sitefinity ASP.NET Core Development

The free on-demand video course teaches developers how to use Sitefinity .NET Core and leverage its decoupled architecture and new way of coding against the platform.

Was this article helpful?