Return to doc.sitecore.com

  Security
Prev Next
Print this page (opens in new window) Print

1.  Access Permissions

The most noticeable change to security is that often you don’t need to think about it – all security checks are handled implicitly by Sitecore API.   

When rendering a page, you don’t have to check whether a user can access the current item – the user will not be allowed to see the page in the first place.  

When retrieving an item or item collection you don’t need to remember to check the security: Sitecore will only return items that the current user is allowed to see.  

It is possible to temporary switch the security off to regain Sitecore V4 semantics:

using (new SecurityDisabler())
{

   Item secure = database.Items[“/sitecore/content/home/secure”];
}  

To explicitly check the security assignments there’s a helper method for each operation:

item.Access.CanRead()

item.Access.CanWrite()

...  

Note that a list of possible assignments was changed in Sitecore V5. In particular, ‘Admin’, ‘Approve’, ‘Publish’ and ‘None’ were removed. ‘Administer’ assignment controls whether a user can modify security assignments. 

Sitecore V4

Sitecore V5

Sitecore.Security, Sitecore.ExtranetSecurity

Sitecore.Context.Security

2.  Domains, Users and Roles

Sitecore V5 introduces the domain concept – roles, users and security assignments are bound to a specific security domain, similar to the Windows security.   

The credentials are also validated against specific domain:  

// login a user

DomainAccessResult result = Sitecore.Context.Domain.Login(login, password);

if (result.Success)

{

   Response.Write(“Welcome”);
}

else

{

  Response.Write(“Cannot log in: “ + result.Message);
}  

Instead of using generic database access to retrieve the users or roles (groups in Sitecore V4) you should use methods exposed by Domain:  

RoleItem[] roles = domain.GetRoles();

RoleItem developers = domain.GetRole(“developers”);

UserItem user = domain.GetUser(“user name”);

Sitecore V4

Sitecore V5

Sitecore.User, Sitecore.ExtranetUser

Sitecore.SecurityModel.UserItem

-

Sitecore.SecurityModel.RoleItem

-

Sitecore.SecurityModel.Domain

Supplementary reading:


Prev Next