Views: 4223
Number of votes: 1
Average rating:

Access Control with the new Visitor Groups feature

Just a quick follow-up from my previous post Virtual-Roles-and-access-control-in-EPiServer:

In that situation I had to solve a problem for a customer where certain endusers (not authenticated) should have access to more pages than other users. These users could be identified from an IP-range.

The solution then was to implement a Virtual Role and every user that matched a specific IP-range gained that role automatically. Then the webeditors could set access rights on pages based on this role.

With the new EPiServer CMS 6 R2 feature “Visitor Groups” this could be done in another way. With a little help from Magnus excellent post Building-custom-criteria-for-Visitor-groups-in-CMS-6-R2/ I created a custom criterion “IPAddress” for the Visitor Groups and then the webeditors can define as many groups they want to based on an IP range match.

Her is my criterion:

        Category = "User Criteria",
        DisplayName = "IPAddress",
        Description = "Criterion that matches type and version of the user's browser",
        LanguagePath = "/shell/cms/visitorgroups/criteria/ipaddresscriterion/ipaddress")]
    public class IPCriterion : CriterionBase<IPModel>
        public override bool IsMatch(System.Security.Principal.IPrincipal principal,
                                     HttpContextBase httpContext)
            return IsInRange(httpContext.Request.UserHostAddress);

        private bool IsInRange(string clientIpAddress)
            byte[] clientIP = IPAddress.Parse(clientIpAddress).GetAddressBytes();
            byte[] mask = IPAddress.Parse(Model.Mask).GetAddressBytes();
            byte[] ip = IPAddress.Parse(Model.Address).GetAddressBytes();
            bool isequal = true;
            for (int i = 0; i < ip.Length; i++)
                if ((clientIP[i] & mask[i]) != (ip[i] & mask[i]))
                    isequal = false;
            return isequal;

And the model looks like:

 public class IPModel : IDynamicData, ICloneable
        public EPiServer.Data.Identity Id { get; set; }
        public object Clone()
            var model = (IPModel)base.MemberwiseClone();
            model.Id = Identity.NewIdentity();
            return model;

       DefaultValue = "",
       LabelTranslationKey = "/shell/cms/visitorgroups/criteria/ipaddresscriterion/ipaddress",
       AdditionalOptions = "{ selectOnClick: true }"),
        public string Address { get; set; }

       DefaultValue = "",
       LabelTranslationKey = "/shell/cms/visitorgroups/criteria/ipaddresscriterion/mask",
       AdditionalOptions = "{ selectOnClick: true }"),
        public string Mask { get; set; }

Now it looks like this in the Admin mode:


Jan 02, 2011

Anders Hattestad
( By Anders Hattestad, 1/2/2011 3:03:10 PM)


Please login to comment.