Martin Helgesen
Jan 2, 2011
(1 votes)

Access Control with the new Visitor Groups feature

Just a quick follow-up from my previous post Virtual-Roles-and-access-control-in-EPiServer:

In that situation I had to solve a problem for a customer where certain endusers (not authenticated) should have access to more pages than other users. These users could be identified from an IP-range.

The solution then was to implement a Virtual Role and every user that matched a specific IP-range gained that role automatically. Then the webeditors could set access rights on pages based on this role.

With the new EPiServer CMS 6 R2 feature “Visitor Groups” this could be done in another way. With a little help from Magnus excellent post Building-custom-criteria-for-Visitor-groups-in-CMS-6-R2/ I created a custom criterion “IPAddress” for the Visitor Groups and then the webeditors can define as many groups they want to based on an IP range match.

Her is my criterion:

        Category = "User Criteria",
        DisplayName = "IPAddress",
        Description = "Criterion that matches type and version of the user's browser",
        LanguagePath = "/shell/cms/visitorgroups/criteria/ipaddresscriterion/ipaddress")]
    public class IPCriterion : CriterionBase<IPModel>
        public override bool IsMatch(System.Security.Principal.IPrincipal principal,
                                     HttpContextBase httpContext)
            return IsInRange(httpContext.Request.UserHostAddress);

        private bool IsInRange(string clientIpAddress)
            byte[] clientIP = IPAddress.Parse(clientIpAddress).GetAddressBytes();
            byte[] mask = IPAddress.Parse(Model.Mask).GetAddressBytes();
            byte[] ip = IPAddress.Parse(Model.Address).GetAddressBytes();
            bool isequal = true;
            for (int i = 0; i < ip.Length; i++)
                if ((clientIP[i] & mask[i]) != (ip[i] & mask[i]))
                    isequal = false;
            return isequal;

And the model looks like:

 public class IPModel : IDynamicData, ICloneable
        public EPiServer.Data.Identity Id { get; set; }
        public object Clone()
            var model = (IPModel)base.MemberwiseClone();
            model.Id = Identity.NewIdentity();
            return model;

       DefaultValue = "",
       LabelTranslationKey = "/shell/cms/visitorgroups/criteria/ipaddresscriterion/ipaddress",
       AdditionalOptions = "{ selectOnClick: true }"),
        public string Address { get; set; }

       DefaultValue = "",
       LabelTranslationKey = "/shell/cms/visitorgroups/criteria/ipaddresscriterion/mask",
       AdditionalOptions = "{ selectOnClick: true }"),
        public string Mask { get; set; }

Now it looks like this in the Admin mode:


Jan 02, 2011


Anders Hattestad
Anders Hattestad Jan 2, 2011 03:03 PM


Please login to comment.
Latest blogs
Zombie Properties want to Eat Your Brains

It’s a story as old as time. You work hard to build a great site. You have all the right properties – with descriptive names – that the content...

Joe Mayberry | Mar 29, 2023 | Syndicated blog

Optimizely finally releases new and improved list properties!

For years, the Generic PropertyList has been widely used, despite it being unsupported. Today a better option is released!

Tomas Hensrud Gulla | Mar 28, 2023 | Syndicated blog

Official List property support

Introduction Until now users were able to store list properties in three ways: Store simple types (int, string, DateTime, double) as native...

Bartosz Sekula | Mar 28, 2023

New dashboard implemented in CMS UI 12.18.0

As part of the CMS UI 12.18.0 release , a new dashboard has been added as a ‘one stop shop’ to enable editors to access all of their content items,...

Matthew Slim | Mar 28, 2023

How to Merge Anonymous Carts When a Customer Logs In with Optimizely Commerce 14

In e-commerce, it is common for users to browse a site anonymously, adding items to their cart without creating an account. Later, when the user...

Francisco Quintanilla | Mar 27, 2023

How to Write an xUnit Test to Verify Unique Content Type Guids in Content Management

When developing an Optimizely CMS solution, it is important to ensure that each content type has a unique GUID. If two or more content types share...

Minesh Shah (Netcel) | Mar 27, 2023