Channel: Brian Pedersen's Sitecore and .NET Blog

Sitecore: Login to website and how to restrict access to content


The Sitecore security model has not changed substantially since Sitecore 4. And yet I still find myself struggling every time I have to set up a website that requires login, or where users need special access rights to parts of the content.
As always, Sitecore provides you with a platform, not the solution. This gives you the flexibility to choose the setup that’s right for you. So this article gives you the hints you might need to set up your own protected website.

SETUP: HOW TO ENFORCE LOGIN ON YOUR SITE

Enforcing login is done in the <sites> section of your Sitecore.config:

<site name="website"
    rootPath="/sitecore/content/*******"
    startItem="/Frontpage"
    loginPage="/Login"
    requireLogin="true"
    ... />

The loginPage attribute is the path to the login page, and requireLogin="true" means that the site is not accessible at all without a login. If only some pages are protected by a login, set requireLogin to false but keep the loginPage path.

REMEMBER: Your login page cannot itself require special rights. Everyone needs read access to the login page, otherwise nobody can reach the form to log in.

CASE 1: EVERYONE WITH THE RIGHT LOGIN HAS ACCESS TO EVERYTHING

In this case, all you need is to set requireLogin=true, and set loginPage=[some login form], and you are all set.

This works because, by default, Sitecore grants the “Everyone” role read access to the entire Sitecore solution. “Everyone” is a system role that includes every user.

Role Everyone Has Access to Everything


CASE 2: NOT EVERYONE HAS ACCESS TO EVERYTHING

If a section of your website requires a certain role in order to be accessed, you need to:

  • Tell Sitecore that “Everyone” does not have access.
  • Give read access to the specific role.

In this example, I break the “Everyone” inheritance by introducing a system folder:

Special Roles Are Required Below this Folder


On the “profile” folder, I deny read access for “Everyone”, both for the folder itself and for all its descendants.

Everyone Denied on the Profile Folder


Then, for each item, I specify which roles have read access:

Roles Per Item

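To see how the three settings of Case 2 combine (“Everyone” allowed at the root, “Everyone” denied on the profile folder for item and descendants, and individual roles allowed per item), here is an added example that is not from the original post: a simplified Python model of the read-access resolution the setup relies on. It assumes the precedence rules the post depends on (a rule on the item itself beats an inherited one; at the same level Deny beats Allow) and uses constructed item paths and role names.

```python
# Added example, not from the original post: a simplified model of how read
# access resolves for the Case 2 setup. Rules on the item itself take
# precedence over rules inherited from ancestors; at the same level a Deny
# beats an Allow. Paths and role names below are constructed for illustration.

EVERYONE = "sitecore\\Everyone"

# (item path, account, permission, propagation)
# propagation "item" covers only that item, "descendants" only its children,
# "any" both (the "item and descendants" choice used on the profile folder).
RULES = [
    ("/sitecore/content/Home", EVERYONE, "allow", "any"),
    ("/sitecore/content/Home/profile", EVERYONE, "deny", "any"),
    ("/sitecore/content/Home/profile/orders", "extranet\\Customer", "allow", "item"),
    ("/sitecore/content/Home/profile/admin", "extranet\\Staff", "allow", "item"),
]


def _rules_for(path, accounts, scope):
    """Permissions from rules set on `path` that apply to `scope`
    ('item' when `path` is the queried item, 'descendants' for an ancestor)."""
    return [perm for (p, acct, perm, prop) in RULES
            if p == path and acct in accounts and prop in ("any", scope)]


def can_read(path, roles):
    """True if an authenticated user holding `roles` may read the item at
    `path`. Every user implicitly holds the Everyone role."""
    accounts = set(roles) | {EVERYONE}
    current, scope = path, "item"
    while current.startswith("/sitecore"):
        perms = _rules_for(current, accounts, scope)
        if "deny" in perms:        # an explicit Deny at this level wins
            return False
        if "allow" in perms:       # otherwise an Allow at this level wins
            return True
        # Nothing decided here: inherit from the parent's descendant rules.
        current, scope = current.rsplit("/", 1)[0], "descendants"
    return False                    # no rule anywhere in the chain: no access
```

Note that the model only covers authenticated users; anonymous visitors are kept out earlier by requireLogin on the site definition.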
