Print

This cookbook provides sample code to introduce Sitecore APIs that support common security requirements, such as user management, authentication, authorization, and user profile management. This document provides an overview of concepts rather than describing every API used. Sitecore provides detailed descriptions of API methods in the API documentation.  For the reader’s convenience, this document describes some security APIs provided by the ASP.NET framework, but not abstracted in any way by Sitecore.

To download the document, click one of the below links.
Sitecore CMS 6.0 and later versions:

• Download the document in A4 format (PDF, 0.5 MB)
• Download the document in US letter format (PDF, 0.5 MB)

Related reading:

• Use Default or Custom Access Rights to Control Whether Users Can Publish an Item.

Table of Contents

User, Domain, Role, and Profile Management
    Sitecore Security Overview
    Sitecore Security API Overview
    Membership Provider Configuration
    Sample Login Form
        How to Use the ASP.NET Login Web Control
    Sample Self-Registration Form
        Using the ASP.NET CreateUserWizard Web Control
    Sample Password Recovery Form

    Virtual Users
        How to Create a Virtual User
    Sitecore.Security.Accounts.RolesInRolesManager APIs
        How to Add a Role to a Role
        How to Remove a Role from a Role
        How to Get a Role from a Role
User Profiles
    Overview of User Profiles
    How to Access Standard User Profile Properties
    How to Access Custom User Profile Properties
    How to Extend the Default User Profile
    Implement a Custom User Profile
        How to Create a Custom User Profile
        How to Apply a Custom User Profile Using the User Manager
        How to Apply a Custom User Profile Using APIs
        How to Implement a Custom User Profile Class
    Sample User Profile Management Form
        How to Use the ASP.NET ChangePassword Web Control
Access Rights Management
    Overview of Access Rights
    User Switcher
    Security Disabler
    Apply Access Rights
System.Web.Security APIs
    System.Web.Security.Roles
        System.Web.Security.Roles.CreateRole()
        System.Web.Security.Roles.DeleteRole()
    System.Web.Security.MembershipUser
        System.Web.Security.MembershipUser.GetUser()
        System.Web.Security.MembershipUser.ChangePassword()
        System.Web.Security.MembershipUser.ResetPassword()
        System.Web.Security.MembershipUser.UnlockUser()
    System.Web.Security.Membership
        System.Web.Security.Membership.GetUserNameByEmail()
        System.Web.Security.Membership.FindUsersByEmail()
Appendix A
    Sitecore.Security.AccessControl.AccessRight