Security in Kentico

Security is a very important aspect of any web application. Developers often focus on front-end security: public pages vs. pages that require authentication, pages that are available only to particular roles, sections of a page that should be hidden from public users, etc. I'd like to draw your attention to the security of the Kentico admin area and the options available there.


Personally, I love the Kentico security model because I haven't met a requirement that I couldn't implement with it. I found it very flexible and extremely configurable, with multiple levels of granularity. For example, you may grant a role permission to edit content in general, or you may allow it to modify only a particular page type. Going further, you may allow it to manage content only within a particular folder while granting read-only access to other areas. This helps to avoid unauthorized changes to content or data and also improves the editors' user experience: if an editor is allowed to manage only one page type, he does not need to pick it from the long list of all available page types. This could be achieved with page scopes as well, but it is worth mentioning.
 

Permissions

Most of the security configuration can be done in the Permissions application. It manages access to all modules throughout the system, including custom modules with any permissions implemented there. It is as easy as checking a checkbox for a particular role in the list of available permissions. Sometimes it might not be clear exactly which permission a role needs in order to perform some action, but playing around for a couple of minutes is usually enough to figure it out. It is also possible to check which permission is needed with code; I'll get back to that a bit later.

Another type of permissions is permissions for a page type. This is where read, create, modify, delete, browse and other permissions for a page type can be configured for a role. This is the right place to set up content responsibilities, e.g. allow a news editor to manage news, an event editor to manage events, and so on. To complete the security setup for pages, additional settings can be configured in the Pages application.
 

Roles

I'd like to encourage everyone to create many roles, each with the fewest permissions. It is much better to have multiple roles assigned to a user than one role with multiple permissions. For example, suppose a user is responsible for the data of a particular custom table and for the News section. It is better to create two roles, one for managing the custom table and another for news management, and assign both roles to the user. This approach is more flexible because it makes it easy to remove a permission from a particular user, rather than changing role permissions, which impacts all users in that role.
 

Impersonation

Whenever security is being implemented, testing is the next logical step. This is where Impersonation comes to the rescue. It is extremely handy when testing permissions, as it allows a global admin to log in as a particular user, see exactly what that user will see, and verify that the system behaves as expected.
 

Custom security events   

In cases where the Kentico security model is not enough to implement a requirement, or you need to override default behavior, Kentico suggests implementing handlers for custom security events. An AuthorizeResource event handler can also be used to find out which permission the system checks when a user accesses a module: just run the app in debug mode in Visual Studio and set a breakpoint in the handler method; the system will hit this method a couple of times. AuthorizationEventArgs will show the module the system checks permissions for and the actual permission name.
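
One way to wire up the handler described above, as an added example that is not from the original post: a module that writes each distinct user/module/permission combination to the Visual Studio debug output, so no breakpoint is needed. It assumes the Kentico 8+ global events API (`SecurityEvents.AuthorizeResource`, and `AuthorizationEventArgs` exposing `ResourceName`, `PermissionName` and `User`); the class name `PermissionProbeModule` and the module name are hypothetical.

```csharp
using System.Collections.Concurrent;
using System.Diagnostics;

using CMS;
using CMS.DataEngine;
using CMS.Membership;

// Registers the module so Kentico calls OnInit at application start.
[assembly: RegisterModule(typeof(PermissionProbeModule))]

// Hypothetical diagnostic module: records which module permissions the system checks.
// Intended for development instances only.
public class PermissionProbeModule : Module
{
    // Combinations already reported, so repeated checks do not flood the output.
    private static readonly ConcurrentDictionary<string, bool> Seen =
        new ConcurrentDictionary<string, bool>();

    public PermissionProbeModule() : base("Custom.PermissionProbe")
    {
    }

    protected override void OnInit()
    {
        base.OnInit();
        SecurityEvents.AuthorizeResource.Execute += LogPermissionCheck;
    }

    private static void LogPermissionCheck(object sender, AuthorizationEventArgs e)
    {
        // Assumed property names: ResourceName (module code name),
        // PermissionName and User, per the Kentico 8+ API.
        string user = e.User != null ? e.User.UserName : "(no user)";
        string key = user + "|" + e.ResourceName + "|" + e.PermissionName;

        // TryAdd returns false when this combination was already reported.
        if (!Seen.TryAdd(key, true))
        {
            return;
        }

        // The handler only observes; it does not change the authorization result.
        Debug.WriteLine(string.Format(
            "[PermissionProbe] user={0} module={1} permission={2}",
            user, e.ResourceName, e.PermissionName));
    }
}
```

Combined with impersonation, opening a module as the user under test lists the exact permissions that role is missing in the Output window; remove the module once the required permission is identified.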
 

Conclusion

Kentico provides a flexible solution from a security standpoint. There are many security levels that allow you to apply security at a more or less granular level, or to override it at lower levels.


Comments
Percy Jackson
Thanks for sharing point by point. Such a nice post.
11/11/2017 5:51:13 AM

lush hair extensions
The brown hair style is not just an exaggeration nor old-fashioned, with a cheap hair extensions playful little hair ornaments to show the style of the more prominent.
11/10/2017 1:42:48 AM

ویزای شینگن
Nice post! keep up the good work The Blogging Arena
10/25/2017 12:17:11 PM

تور تایلند
Nice post. Thank you for the info. Keep it up.
10/25/2017 12:16:42 PM

Web Design Company Los Angeles
Interesting article! Thank you for sharing them! I hope you will continue to have similar posts to share with everyone!
10/24/2017 4:47:56 AM

myucf
Hi, was just seeing if you minded a comment. I like your website and the theme you picked is super. I will be back.
10/22/2017 5:10:58 AM

www
Great site!
10/20/2017 4:11:09 PM

Obat Mata Katarak
Thanks for sharing :))
9/26/2017 6:28:10 AM

Small Businesses
Hmmm I will bookmark it and recommend for the reference to distinct capability reader to make a deep reputation about this problem be counted.
8/18/2017 1:10:17 PM

Mayweather vs McGregor Time
I am such a great amount of satisfied to get this sort of article and decent information.
8/16/2017 10:17:37 PM

Low-Carb Foods
Excellent effort to make this blog more wonderful and attractive.
8/12/2017 7:21:59 PM

training for microblading
I also encourage the new young generation :) Here is deep description about the article matter which helped me more :)
8/12/2017 4:25:27 AM

Belly Fat
Really nice and interesting post. I was looking for this kind of information and enjoyed reading this one. Keep posting. Thanks for sharing.
8/4/2017 11:09:32 AM

do my paper for me
I will really appreciate the writer's choice for choosing this excellent article appropriate to my matter. Here is deep description about the article matter which helped me more.
7/12/2017 2:52:09 PM

write my paper for me
Your blog has very great content and it has very good content with nice efforts and beautiful format. We are providing top reviews, it gives good quality dissertation with every person.
7/12/2017 2:48:11 PM

srjca
You also know how to make people rally behind it, obviously from the responses.
7/11/2017 8:59:55 AM

Online Academic Writing Service
I am also using Kentico security for my personal Android app. It's such a useful for me.
7/10/2017 11:05:33 AM

maha
Thank you for sharing great information to us. Sure I will bookmark it and recommend for the reference to distinct capability reader to make a deep reputation about this problem be counted.
7/6/2017 3:05:14 PM

noor
Hello,
This is really helpful, thanks for sharing your thought process.
7/5/2017 11:00:17 AM

70-410 certification exam
You have a number of opportunities in the field of IT if you take certification exam. Valid4sure is your only choice to go ahead with your choice of expertise in a specific certification exam.
6/8/2017 7:52:04 AM

Best mass communication colleges in Delhi
Nice blog, the article you have shared is good. This article is very useful. My friend suggested me to use this blog.
6/7/2017 11:01:31 AM

Buy UK Assignment
It's notable that ineffectively written software makes security issues. The quantity of bugs that could make web security issues is straightforwardly relative to the size and multifaceted nature of your web applications and web server.
6/5/2017 7:58:10 AM

skil
Great article, it is really informative and innovative, keep us posted with new updates. It was really valuable. Thanks a lot.
5/12/2017 8:31:58 AM

Filmmaking classes in Delhi
Moonlight Films and Theatre Studio operates under the Moonlight Films and Theatre Society, a non-profit association whose goals are to spread knowledge of and interest in theatrical and media arts through education.
5/8/2017 9:11:27 AM

computer recycling
Your work is very good and I appreciate you and hoping for some more informative posts. Thank you for sharing great information to us.
4/10/2017 2:43:19 PM

seo service plans
This is a smart blog. I mean it. You have so much knowledge about this issue, and so much passion. You also know how to make people rally behind it, obviously from the responses.
4/4/2017 6:15:16 AM

professional essay writing services
Really I'm inspired with this piece of statistics. I choice this with a pleasing and thrilling subjects have helped a whole lot of those who do no longer task subjects humans need to recognize. Sure I will bookmark it and recommend for the reference to distinct capability reader to make a deep reputation about this problem be counted.
3/18/2017 6:15:08 AM

Audio mixer dealers
I’m impressed with your views on this matter and I agree with a lot of your ideas.
3/15/2017 10:58:53 AM
