Assessing the “Everyone” role in Crestone

3

June 8, 2008 by Alistair Deneys

Update 20080629: This post was written with code against the original Crestone beta release 080314. The API for the latest beta release 080514 has changed and altered the code in this post. Check out my post Crestone differences update rev 080514 for updates to the code samples here.

As you may be aware, the security model in Sitecore’s Crestone release has completely changed. Sitecore as of Crestone will use ASP.NET security.

I must say, I’m a little sad to see the Sitecore security model changing. I though the security model in Sitecore 5.3.x was really good. It was simple and effective. It was easy to understand (well, maybe cause I’ve been using it for so long. Pose that statement to a newby and see how they react).

One benefit I’ve seen in the new Crestone security model is the ability to assign rights directly to children of an item, and not the item itself. This is good when you want the user to be able to see a folder of protected items, but not the items themselves.

Anyway, in the previous security model we had the special role “Everyone”. Using the API, I could ask sitecore if someone was a part of this role quite easily:

Sitecore.Context.User.IsInRole(Sitecore.Context.Domain
  .GetRole("everyone").ID);

This doesn’t work in Crestone 😦

The first difference to note is that the everyone role is now called “##everyone”. But the above code won’t work. This has something to do with the fact that the everyone role is now a virtual role. So how do I get this to work? First we get the everyone role object by name. Then we can query against the users accounts if any of them are in the role:

Sitecore.Security.Accounts.Role role =
  Sitecore.Security.Accounts.Role.FromName("##everyone");
Sitecore.Security.Accounts.AccountList accounts =
  Sitecore.Context.User.GetManagedAccounts();
for(int k = 0; k < accounts.Count; k++)
{
  if(role.IsMember(accounts[k], true, true))
  {
    // User is in this role. Do Something
  }
}

And viola. It works!

Advertisements

3 thoughts on “Assessing the “Everyone” role in Crestone

  1. Lars Nielsen says:

    Hey Alistair,

    You are right, the traditional static role everyone has been removed. Also, the security API has changed quite significantly, but I think very much to the better.

    For example, Sitecore now also supports:

    * Roles in roles.
    * Bi-directional user/role resolving.
    * Local/site administrators (for multi-site, multi admin purposes).
    * Profiles (comes with .NET 2.0)
    * Easier to write role/profile/security providers.
    etc.

  2. […] here to see the original: Assessing the “Everyone” role in Crestone « Coffee => Coder => Code asp-net ASP.NET Security crestone must-say net security security-model […]

  3. […] is the original: Assessing the “Everyone” role in Crestone « Coffee => Coder => Code asp-net ASP.NET Security crestone little-sad net security security-model […]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Categories

The views expressed on this blog are solely my own and do not necessarily reflect the views of my employer.
%d bloggers like this: