Kentico CMS 7.0 Developer's Guide




Security debugging can be turned on and configured either by adjusting certain settings in Site Manager -> Settings -> System -> Debug, or by adding certain keys into the AppSettings section of your web.config file. The following table lists and explains these settings and keys:



| Setting | Web.config key | Description |
| --- | --- | --- |
| Enable security debug | CMSDebugSecurity | Enables security operation debugging and the Security tab in Site Manager -> Administration -> System -> Debug. |
| Display security debug on live site | CMSDebugSecurityLive | If enabled, security operation debug information is also displayed at the bottom of each live site page. This option requires security debugging to be enabled. |
| Debug security operations of UI pages | CMSDebugAllSecurity | If enabled, security checks performed by pages of the administration interface (CMS Desk and Site Manager) are also included in the security debug. This option requires security debugging to be enabled. |
| Log security operations to file | CMSLogSecurity | If enabled, the security debug log is saved into the logSecurity.log file in the ~\App_Data folder. This option does not require security debugging to be enabled. |
| Security debug log length | CMSDebugSecurityLogLength | Sets the maximum length of the security debug log on the Debug -> Security tab, i.e. the number of requests for which debug information is preserved and displayed on the tab. If empty, the value of the Default log length setting (or the CMSDebugEverythingLogLength key) is used. |
| Display stack information | CMSDebugSecurityStack | If enabled, the stack is tracked when debugging security and is displayed in the Context column. This information is only available in the debugging UI and on the live site, not in the debug log written into the logSecurity.log file. |




The configuration in the settings and in the web.config file may differ. In that case, a boolean setting (true/false) is enabled if it is enabled in at least one place (in web.config or in settings), while log lengths specified in Site Manager -> Settings have higher priority than log lengths specified in the web.config.


Here is a list of the keys for easy copy&paste into your web.config:


<add key="CMSDebugSecurity" value="true" />
<add key="CMSDebugSecurityLive" value="true" />
<add key="CMSDebugAllSecurity" value="true" />
<add key="CMSLogSecurity" value="true" />

<add key="CMSDebugSecurityLogLength" value="10" />

<add key="CMSDebugSecurityStack" value="true" />
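The following Python sketch is an added example, not Kentico code: it applies the merge rules and option dependencies described above to a web.config, so you can check what a given combination of keys and settings actually turns on. The `site_settings` dict, the function names, the sample file and the way "true" is parsed are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

BOOL_KEYS = ("CMSDebugSecurity", "CMSDebugSecurityLive", "CMSDebugAllSecurity",
             "CMSLogSecurity", "CMSDebugSecurityStack")
LENGTH_KEY = "CMSDebugSecurityLogLength"

# Constructed sample web.config, not taken from a real site.
SAMPLE_WEB_CONFIG = """<configuration>
  <appSettings>
    <add key="CMSDebugSecurityLive" value="true" />
    <add key="CMSLogSecurity" value="true" />
    <add key="CMSDebugSecurityLogLength" value="10" />
  </appSettings>
</configuration>"""


def read_app_settings(web_config_xml):
    """Return the appSettings <add> entries of a web.config as a dict."""
    root = ET.fromstring(web_config_xml)
    return {e.get("key"): e.get("value", "") for e in root.findall("./appSettings/add")}


def is_true(value):
    # Assumption: a value counts as enabled when it reads "true" in any letter case.
    return str(value or "").strip().lower() == "true"


def effective_security_debug(web_config_xml, site_settings):
    """Merge web.config keys with Site Manager settings as the page describes.

    site_settings is a hypothetical dict that reuses the web.config key names
    for the values entered in Site Manager -> Settings -> System -> Debug.
    """
    cfg = read_app_settings(web_config_xml)
    # Boolean options: enabled if enabled in at least one of the two places.
    on = {k: is_true(cfg.get(k)) or is_true(site_settings.get(k)) for k in BOOL_KEYS}
    # Log length: the Settings value wins; None means the default length applies.
    length = site_settings.get(LENGTH_KEY) or cfg.get(LENGTH_KEY) or None
    debug = on["CMSDebugSecurity"]
    return {
        "debug_enabled": debug,
        # These options only take effect while security debugging is enabled.
        "shown_on_live_site": debug and on["CMSDebugSecurityLive"],
        "ui_pages_included": debug and on["CMSDebugAllSecurity"],
        "stack_displayed": debug and on["CMSDebugSecurityStack"],
        # File logging does not require security debugging to be enabled.
        "logged_to_file": on["CMSLogSecurity"],
        "log_length": int(length) if length else None,
    }
```

With the sample file alone, only file logging is active: the live-site key has no effect until security debugging is enabled in web.config or in settings.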


Security debugging can also be enabled using the general settings and keys.


User interface


On the Debug -> Security tab, you can see which security checks were recently performed on the site. This is particularly useful if you want to quickly find out why some user is not able to access some section of the UI or gets the Access denied page displayed.


Enabling the Show complete context check-box displays complete context (not only the topmost item) in the Context column. The log can be cleared using the Clear security log button.