Calling all developers! We invite you to provide your input on Feature Experimentation by completing this brief survey.

 

Björn Olsson
Oct 11, 2011
  4581
(2 votes)

Virtual role validation behavior changed in EPiServer CMS6 R2

I recently upgraded a site to R2, and noticed that one of the custom virtual roles stopped working properly (The access rights in the edit page tree looked messed up). After some quick logging, I discovered that each virtual role only was validated once, when I expanded a node in the page tree. This would usually not be an issue for a virtual role, but in my case, the virtual role is based on each specific PageData object. This basically means, that the first child page in the node being loaded, would decide which access the user have for every following child page. This works as expected in R1 however (by default). I thought this was a bug in R2, so I created a support-ticket, at the same time, it also crossed my mind that this could be a performance enhancement. I got my answer a few days later, it’s a performance enhancement. But this can easily be overridden (if needed):

public class MyVirtualRole : EPiServer.Security.VirtualRoleProviderBase
{
    public override void Initialize(string name, System.Collections.Specialized.NameValueCollection config)
    {
        base.Initialize(name, config);

        this.EnableIsInRoleCache = false;
    }

    public override bool IsInVirtualRole(System.Security.Principal.IPrincipal principal, object context)
    {
        EPiServer.Security.PageAccessControlList acl = context as EPiServer.Security.PageAccessControlList;

        if (acl != null)
        {
            PageData page = EPiServer.DataFactory.Instance.GetPage(acl.PageLink);
            return page.PageName.Equals("Test", StringComparison.InvariantCultureIgnoreCase);
        }

        return false;
    }
}

This virtual role basically checks if the given page is named “Test”. But it won’t work as expected if EnableIsInRoleCache is set to true, which is default. This is, as I mentioned a performance enhancement, so don’t disable the cache unless needed, basically only if you are validating against the PageData object (or ACL) as this example, I can’t think of another scenario as I’m typing this.

And I’m out!

Oct 11, 2011

Comments

Please login to comment.
Latest blogs
Optimizely CMS easy RSS feed integration library

As I've mentioned in my  previous blog post , while I was developing the Optimizely version of my blog, I tried to look for a library that could...

David Drouin-Prince | Jan 25, 2025 | Syndicated blog

Decimal numbers in Optimizely Graph

Storing prices as decimal numbers on a commerce website and planning to expose them through Optimizely Graph? It might not be as straightforward as...

Damian Smutek | Jan 23, 2025 | Syndicated blog

Find and delete non used media and blocks

On my new quest to play around with Blazor and MudBlazor I'm going back memory lane and porting some previously plugins. So this time up is my plug...

Per Nergård (MVP) | Jan 21, 2025

Optimizely Content Graph on mobile application

CG everywhere! I pull schema from our default index https://cg.optimizely.com/app/graphiql?auth=eBrGunULiC5TziTCtiOLEmov2LijBf30obh0KmhcBlyTktGZ in...

Cuong Nguyen Dinh | Jan 20, 2025