Björn Olsson
Oct 11, 2011
visibility 5103
star star star star star
(2 votes)

Virtual role validation behavior changed in EPiServer CMS6 R2

I recently upgraded a site to R2, and noticed that one of the custom virtual roles stopped working properly (The access rights in the edit page tree looked messed up). After some quick logging, I discovered that each virtual role only was validated once, when I expanded a node in the page tree. This would usually not be an issue for a virtual role, but in my case, the virtual role is based on each specific PageData object. This basically means, that the first child page in the node being loaded, would decide which access the user have for every following child page. This works as expected in R1 however (by default). I thought this was a bug in R2, so I created a support-ticket, at the same time, it also crossed my mind that this could be a performance enhancement. I got my answer a few days later, it’s a performance enhancement. But this can easily be overridden (if needed):

public class MyVirtualRole : EPiServer.Security.VirtualRoleProviderBase
{
    public override void Initialize(string name, System.Collections.Specialized.NameValueCollection config)
    {
        base.Initialize(name, config);

        this.EnableIsInRoleCache = false;
    }

    public override bool IsInVirtualRole(System.Security.Principal.IPrincipal principal, object context)
    {
        EPiServer.Security.PageAccessControlList acl = context as EPiServer.Security.PageAccessControlList;

        if (acl != null)
        {
            PageData page = EPiServer.DataFactory.Instance.GetPage(acl.PageLink);
            return page.PageName.Equals("Test", StringComparison.InvariantCultureIgnoreCase);
        }

        return false;
    }
}

This virtual role basically checks if the given page is named “Test”. But it won’t work as expected if EnableIsInRoleCache is set to true, which is default. This is, as I mentioned a performance enhancement, so don’t disable the cache unless needed, basically only if you are validating against the PageData object (or ACL) as this example, I can’t think of another scenario as I’m typing this.

And I’m out!

Oct 11, 2011

Comments

error Please login to comment.
Latest blogs
Bynder DAM Connector for Optimizely SaaS CMS: Improved Metadata Property Synchronization

While working with the Bynder DAM Connector for Optimizely SaaS CMS , one of the key areas I explored was how Bynder asset metadata is synchronized...

Vipin Banka | Jul 11, 2026

Optimizely DXP: Every Supported Culture, One Searchable Page

Quick one for anyone building multi-language sites on Optimizely DXP. I put together a reference tool listing all 806 supported cultures. More...

Adnan Zameer | Jul 10, 2026 |

A day in the life of an Optimizely OMVP: London Meetup 2026

On 2nd July 2026 the Optimizely London Developer Meetup returned to The Lightwell, and the running theme across the evening was less about individu...

Graham Carr | Jul 10, 2026

Optimizely’s Summer ’26 Roadmap: The CMS Is Starting to Look Less Like a Publishing Tool and More Like Marketing Infrastructure

Optimizely’s Summer ’26 Product Roadmap event was not just a list of product updates. At least, that is not the part I found most interesting. The...

Augusto Davalos | Jul 9, 2026

Optimizely Content JS SDK v2.1.0 — What's New and Why It Matters

  v2.1.0 of the Optimizely Content JS SDK and CLI landed on July 7, 2026. This is a substantial release bringing a wave of capabilities for...

Vipin Banka | Jul 8, 2026

Integrating a Third-Party DAM into Optimizely CMS 12: A Case Study

There is no handbook for wiring an external DAM into Optimizely CMS 12. This case study walks through the research, dead ends, and breakthroughs —...

WilliamP | Jul 7, 2026 |