London Dev Meetup Rescheduled! Due to unavoidable reasons, the event has been moved to 21st May. Speakers remain the same—any changes will be communicated. Seats are limited—register here to secure your spot!
AI OnAI Off
Navigation [hide]
[expand]
- Add-ons
- Architecture
- BLOB storage and providers
- Caching
- Client resources
- Configuration
- Configuring episerver
- Configuring episerver.dataStore
- Configuring episerver.framework
- Configuring episerver.packaging
- Configuring episerver.search
- Configuring episerver.shell
- Configuring module.config
- Configuring staticFile
- Configuring episerver.basicAuthentication
- Configuring .NET SignalR
- Configuring Image Service
- Configuring link validation
- Reading application settings programmatically
- Content
- Page types and templates
- Block types and templates
- IContentRepository and DataFactory
- Persisting IContent instances
- Synchronization
- Validation
- ContentType attribute
- Grouping content types and properties
- EditHint in MVC
- Creating a page programmatically
- Selecting content
- Converting page types for pages
- Refactoring content type classes
- Multilingual content
- Properties
- Built-in property types
- Restricting content types in properties
- Writing custom attributes
- Single or multiple list options
- Built-in auto-suggestion editor
- Property settings
- Property attributes
- Using a block as a property
- Property controls
- Custom properties
- Links
- Assets and media
- Media types and templates
- Working with media
- Content assets and folders
- Custom editing preview for media
- Providers
- Deployment
- Planning deployments
- Installing database schema
- Setting up multiple sites
- Content Delivery Network
- Configuring your email server
- Automatic schema updates
- Deployment scenarios
- Mirroring
- Storing UTC date and time in the database
- Database mode
- Dynamic content
- Configuring dynamic content
- Using interfaces to render Dynamic Content
- Creating UI settings for dynamic content
- Creating a plug-in
- Creating a Hello World dynamic content
- Dynamic data store
- Configuring Dynamic Data Store
- Indexing properties
- Mapping stores
- Supporting LINQ
- Identity and Date and time management
- Editing
- Event management
- Forms
- Globalization
- Determining languages
- Globalization scenarios
- Adding languages
- Localization service
- Localizing the user interface
- Configuring a custom localization provider
- Initialization
- Logging
- Personalization
- Projects
- Rendering
- TemplateDescriptor and tags
- Selecting templates
- Display options
- Display channels
- Using data source controls
- Adding edit hints without using Property web control
- Navigation menus and listings
- Creating a main menu
- Creating a submenu
- Reports
- Routing
- Scheduled jobs
- Search
- Search integration
- Searching and filtering
- Installing and deploying Search Service
- About Episerver full-text search client
- About Episerver full-text search service
- Configuring Episerver full-text search client
- Configuring Episerver full-text search service
- Searching for pages based on page type
- Adding search providers
- Security
- Authentication and authorization
- Virtual roles
- Configuring Active Directory membership provider
- Recommendations for ASP.NET security settings
- Securing edit and admin user interfaces
- Federated security
- Forms authentication
- OWIN authentication
- Configuring mixed-mode OWIN authentication
- Permissions to functions
- Protecting users from session hijacking
- Managing cookies on the website
- EPiServer AspNetIdentity
- Integrate Azure AD using OpenID Connect
- User interface
- Context-sensitive components
- Service locator
- Describing content in the UI
- Dialogs
- Shell profile
- Store architecture
- Drag-and-drop
- Message service pool
- Publish and subscribe messaging system
- Introduction to Dojo
- Using jQuery
- Plugging in a gadget
- Creating a component
- Extending the navigation
- Dashboard gadgets
- Controller options
- HTML helpers
- Client API and gadget instance
- Gadget styling
- Configuring Shell modules
- Setting up your environment
- Developing gadgets, step 1
- Developing gadgets, step 2
- Developing gadgets, step 3
- Developing gadgets, step 4
- Command Pattern
- Object editing
- Views
- Creating a view
- Creating a container
- Creating a component
- Creating a component for a Web Form
- Plugging in components into a view
- Modifying a view through configuration
- Hiding or controlling access to a component
- Replacing a component globally
- Configuring the dashboard
- WebSocket support
- User notifications
- Virtual path providers
Area:
Optimizely CMS
ARCHIVED This content is retired and no longer maintained. See the latest version here.
Permissions to functions
Episerver has a built-in system for assigning permissions to individual functions. You can assign users and roles to a permission in the administrative interface under Config > Permissions to functions. Built-in permissions include the ability to access web services and viewing detailed exception messages.
Using permissions to functions
The API for querying whether a user is permitted to perform a function is available via EPiServer.Security.PermissionService or via PrincipalInfo as a simplified API.
//Alt 1
bool hasPermission = ServiceLocator.Current.GetInstance<PermissionService>().IsPermitted(HttpContext.Current.User, SystemPermissions.DetailedErrorMessage);
//Alt 2
bool hasPermission = PrincipalInfo.Current.IsPermitted(SystemPermissions.DetailedErrorMessage);
Define permissions to functions in code
You can define custom permissions to functions by defining a class as shown in the following example. Classes with the PermissionTypes attribute are automatically picked up by Episerver and appear in the administrative interface. Permission names must be unique within a group, so pick a group name that is unique to your solution. You also can register permission types via EPiServer.DataAbstraction.PermissionTypeRepository to support dynamic creation of permissions.
[PermissionTypes]
public static class MyCustomPermissions
{
public const string GroupName = "MyCustomPermissions";
static MyCustomPermissions()
{
EditSettings = new PermissionType(GroupName, "EditSettings");
ViewSettings = new PermissionType(GroupName, "ViewSettings");
}
public static PermissionType EditSettings { get; private set; }
public static PermissionType ViewSettings { get; private set; }
}You can define readable descriptions for the group and the permissions that are shown in the user interface by adding an entry to a language resource file. Under <groups>, name the GroupName (such as <MyCustomPermissions>) in which you place a <description> and node permission names (such as <EditSettings> and <ViewSettings>) as shown in the following example.
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<languages>
<language name="English" id="en">
<admin>
<permissiontype>
<groups>
<MyCustomPermissions>
<description>Custom settings fuctions</description>
<permissions>
<EditSettings>Allows users to access edit settings</EditSettings>
<ViewSettings>Allows users to access view settings</ViewSettings>
</permissions>
</MyCustomPermissions>
</groups>
</permissiontype>
</admin>
</language>
</languages>Protecting a controller via a permission
Use the AuthorizePermission attribute to authorize a MVC controller via permissions to functions:
[AuthorizePermission("MyCustomPermissions", "EditSettings")]
public class EditSettingsController : Controller
{
public ActionResult Index()
{
return View();
}
}Using virtual roles to expose permissions to other systems
Some systems cannot validate permissions but can validate roles. In these cases, you can expose a permission as a role:
[InitializableModule]
[ModuleDependency((typeof(EPiServer.Web.InitializationModule)))]
public class VirtualRoleInitializer : IInitializableModule
{
public void Initialize(InitializationEngine context)
{
var virtualRoleRepository = VirtualRoleRepository<VirtualRoleProviderBase>.GetDefault();
virtualRoleRepository.Register("EditSettingsVirtualRole", new PermissionRole
{
Permission = MyCustomPermissions.EditSettings
});
}
public void Uninitialize(InitializationEngine context) { }
public void Preload(string[] parameters) { }
}Last updated: Sep 21, 2015
