Web.config role based folder access control

Aaron Macdonald asked on March 16, 2022 02:10

Hi can someone please explain how it's possible to restrict access to a folder within the admin application via roles in web.config location authorization elements (Kentico 13).

We've been able to restrict access but only via users. For example this is a child web.config in a protected folder:

<?xml version="1.0"?>
<configuration>
    <location path="">
        <system.web>
          <authorization>
            <allow users="test_user"/>        
            <deny users="*" />        
          </authorization>
        </system.web>
    </location>
</configuration>

Having viewed the CMS_Role table we've tried a combination of RoleName and RoleGUID values, but nothing has worked to restrict access based on roles.

TIA

Recent Answers

Trevor Fayas answered on March 17, 2022 23:43

You can use Kentico's baked in user permissions to limit access.

  1. Create a "limited" role that has basic UI permissions, read / browsetree, but not create/update/delete permissions on pages
  2. Create your specific role
  3. Grant access to update/delete/etc on that folder in the content tree through the Properties -> Security

Documentation: Permissions and Page Permissions (specifically Page ACL Permissions should help you out.

If you want to extend permissions to your MVC site, you'll need the XperienceCommunity.Authorization package.

0 votesVote for this answer Mark as a Correct answer

   Please, sign in to be able to submit a new answer.