Try our conversational search powered by Generative AI!

Martin Helgesen
Jan 2, 2011
(1 votes)

Access Control with the new Visitor Groups feature

Just a quick follow-up from my previous post Virtual-Roles-and-access-control-in-EPiServer:

In that situation I had to solve a problem for a customer where certain endusers (not authenticated) should have access to more pages than other users. These users could be identified from an IP-range.

The solution then was to implement a Virtual Role and every user that matched a specific IP-range gained that role automatically. Then the webeditors could set access rights on pages based on this role.

With the new EPiServer CMS 6 R2 feature “Visitor Groups” this could be done in another way. With a little help from Magnus excellent post Building-custom-criteria-for-Visitor-groups-in-CMS-6-R2/ I created a custom criterion “IPAddress” for the Visitor Groups and then the webeditors can define as many groups they want to based on an IP range match.

Her is my criterion:

        Category = "User Criteria",
        DisplayName = "IPAddress",
        Description = "Criterion that matches type and version of the user's browser",
        LanguagePath = "/shell/cms/visitorgroups/criteria/ipaddresscriterion/ipaddress")]
    public class IPCriterion : CriterionBase<IPModel>
        public override bool IsMatch(System.Security.Principal.IPrincipal principal,
                                     HttpContextBase httpContext)
            return IsInRange(httpContext.Request.UserHostAddress);

        private bool IsInRange(string clientIpAddress)
            byte[] clientIP = IPAddress.Parse(clientIpAddress).GetAddressBytes();
            byte[] mask = IPAddress.Parse(Model.Mask).GetAddressBytes();
            byte[] ip = IPAddress.Parse(Model.Address).GetAddressBytes();
            bool isequal = true;
            for (int i = 0; i < ip.Length; i++)
                if ((clientIP[i] & mask[i]) != (ip[i] & mask[i]))
                    isequal = false;
            return isequal;

And the model looks like:

 public class IPModel : IDynamicData, ICloneable
        public EPiServer.Data.Identity Id { get; set; }
        public object Clone()
            var model = (IPModel)base.MemberwiseClone();
            model.Id = Identity.NewIdentity();
            return model;

       DefaultValue = "",
       LabelTranslationKey = "/shell/cms/visitorgroups/criteria/ipaddresscriterion/ipaddress",
       AdditionalOptions = "{ selectOnClick: true }"),
        public string Address { get; set; }

       DefaultValue = "",
       LabelTranslationKey = "/shell/cms/visitorgroups/criteria/ipaddresscriterion/mask",
       AdditionalOptions = "{ selectOnClick: true }"),
        public string Mask { get; set; }

Now it looks like this in the Admin mode:


Jan 02, 2011


Anders Hattestad
Anders Hattestad Jan 2, 2011 03:03 PM


Please login to comment.
Latest blogs
Microsoft announces Natural language to SQL

Finally, Microsoft launches "Natural language to SQL," after it has been available for several months in Optimizely CMS!

Tomas Hensrud Gulla | May 23, 2024 | Syndicated blog

Five easy ways to start personalizing your content right now

If you clicked on this article, you already know that getting the right message to the right person at the right time helps drive conversions and...

Kara Andersen | May 23, 2024

ExtendedCms.TinyMceEnhancements – serwer side webp support

Today I will introduce another small feature of TinyMceEnhancements plugin. The functionality is used to automatically detect whether a browser...

Grzegorz Wiecheć | May 22, 2024 | Syndicated blog

Azure AI Language– Detect Healthcare Content in Optimizely CMS

In this blog post, I showcase how the Azure AI Language service's Text Analytics for health feature can be used to detect healthcare content within...

Anil Patel | May 22, 2024 | Syndicated blog