Loading

Security in Kentico

Security is very important aspect of any web application. Often developers are more focused on the front end security: public pages vs. pages require authentication, pages those are available for particular roles, section of the page those should be hidden for public users, etc. I'd like to draw your attention to the security of Kentico admin area and available option there.  


Personally I love Kentico security model because I haven't met requirements that I couldn't implement with it. I found it very flexible and extremely configurable with multiple levels of granularity. For example you may grant some role with permission to edit content in general, or you may allow to modify particular page type. Moving further you may allow to manage content only within particular folder, meanwhile read only access is granted for other areas. This helps to avoid unauthorized changes to content or data as well as improves editors' user experience: if editor is allowed to manage only one page type he does not need to peek it from the long list of all available page types. This could be achieved with page scopes as well, however it is worth mentioning.
 

Permissions

Most of the security configuration could be done in Permissions application. It allows management of access to all available modules throughout the system including custom modules with any permissions implemented there. It is as easy as checking checkbox against particular role from list of available permissions. Sometimes it might not be clear what is the exact permission needed for role in order to perform some action, but playing around for a couple of minutes usually is enough to figure this out. Also it is possible to check what permission is needed with a code, I'll get back to it a bit later.

Another permissions type is permissions for page type. This is where read, create, modify, delete, browse and other permissions for a page type could be configured for some role. This is right place to setup content responsibilities, e.g.: allow news editor to manage news, event editor manage events and so on. To accomplish security setup for pages additional settings in Pages application could be configured.   
 

Roles

I'd like to encourage everyone to create many Roles, but with a least permissions. It is much better to have multiple roles assigned to a user vs. a role with multiple permissions. For example there is a user responsible for a data of particular custom table and News section. It is better to create two roles: one to allow management of custom table and another for news management and assign those roles to a user. This is more flexible approach as it allows easily remove some permission from particular user vs. changing role permissions which impacts all user in that role.
 

Impersonation

Whenever security is being implemented testing is next logical step. This is when Impersonation comes to rescue. It is extremely handy when testing permissions as it allows global admin to login as particular user and see exactly what that user will see and verify that system behaves as expected. 
 

Custom security events   

In cases when Kentico security model is not enough to implement some requirement, or you need to override default behavior Kentico suggests implementation of custom security events' handlers. Also AuthorizeResource event handler might be used to check what permission system checks when user accesses some module - just run an app in debug mode in Visual Studio, set breakpoint in handler method, system will hit this method for a couple of times. AuthorizationEventArgs will show the module system checks permissions for and actual permission name. 
 

Conclusion

Kentico provides flexible solution from security stand point. There are many security levels that allows to apply security more or less granular or override them on lower levels.


Comments
https://www.stclairphysioclinic.com/
Awesome post,! Really loving this articles. I have been searching the Internet for fun and last night I got it. Thanks for sharing us your essential article.
2/18/2018 6:20:55 AM

Wax Gourd
This is also a very good post which I really enjoy reading. It is not everyday that I have the possibility to see something like this.
2/14/2018 3:40:47 PM

five nights at freddy's
It would be more wonderful if we can enjoy it right now. I am writing here and enjoy another.
2/9/2018 7:56:03 AM

coursework service
It's eminent that insufficiently composed programming makes security issues. The amount of bugs that could make web security issues is direct in respect to the size and multifaceted nature of your web applications and web server.
2/5/2018 8:02:28 AM

Cannabis Essential Oil
I am a new user of this site so here i saw multiple articles and posts posted by this site,I curious more interest in some of them hope you will give more information on this topics in your next articles.
1/31/2018 9:22:04 PM

Health Benefits
Pretty good post. I just stumbled upon your blog and wanted to say that I have really enjoyed reading your blog posts. Any way I’ll be subscribing to your feed and I hope you post again soon. Big thanks for the useful info.
1/26/2018 12:05:34 PM

How To Give A Hand Job
I will be interested in more similar topics. i see you got really very useful topics , i will be always checking your blog thanks
1/24/2018 7:29:01 PM

Get Rid of Head Lice
Please give some advice on how to achieve this kind of posts.
1/23/2018 10:11:04 PM

Benefits of Snake Gourd
I think about it is most required for making more on this get engaged
1/23/2018 12:29:20 PM

buy essay online
It's outstanding that insufficiently composed programming makes security issues. The amount of bugs that could make web security issues is clearly with respect to the size and multifaceted nature of your web applications and web server.
1/23/2018 9:30:37 AM

cara menyembuhkan penyakit hiperteroid
this article is helpful<a href="http://www.obatberengan.com"> obat berengan </a>
1/19/2018 2:46:45 AM

importance of education
Nice post. Thank you for the info. Keep it up.
1/11/2018 10:49:01 AM

Do my Assignment for me
Extraordinary post,It is extremely exceptionally instructive post for youngsters and expectation they will appreciate well in the wake of perusing this post. Much obliged for sharing.Thanks for this post.
12/12/2017 8:09:56 AM

Assignment Writing
There are frequent viruses on your PC. These ‘dangers’ in reality are inoffensive files that have nobody to do with malware. The only risk that must be removed is the same Internet Security.
12/4/2017 10:06:06 AM

Percy Jackson
Thanks for sharing point by point. Such a nice post.
11/11/2017 5:51:13 AM

lush hair extensions
The brown hair style is not just an exaggeration nor old-fashioned, with a cheap hair extensions playful little hair ornaments to show the style of the more prominent.
11/10/2017 1:42:48 AM

ویزای شینگن
Nice post! keep up the good work The Blogging Arena
10/25/2017 12:17:11 PM

تور تایلند
Nice post. Thank you for the info. Keep it up.
10/25/2017 12:16:42 PM

Web Design Company Los Angeles
Interesting article! Thank you for sharing them! I hope you will continue to have similar posts to share with everyone!
10/24/2017 4:47:56 AM

myucf
hi was just seeing if you minded a comment. i like your website and the thme you picked is super. I will be back.
10/22/2017 5:10:58 AM

www
Great site!
10/20/2017 4:11:09 PM

Obat Mata Katarak
Thanks for sharing :))
9/26/2017 6:28:10 AM

Small Businesses
Hmmm I will bookmark it and recommend for the reference to distinct capability reader to make a deep reputation about this problem be counted.
8/18/2017 1:10:17 PM

Mayweather vs McGregor Time
I am such a great amount of satisfied to get this sort of article and decent information.
8/16/2017 10:17:37 PM

Low-Carb Foods
Excellent effort to make this blog more wonderful and attractive.
8/12/2017 7:21:59 PM

training for microblading
I also encourage the new young generation :) Here is deep description about the article matter which helped me more :)
8/12/2017 4:25:27 AM

Belly Fat
Really nice and interesting post. I was looking for this kind of information and enjoyed reading this one. Keep posting. Thanks for sharing.
8/4/2017 11:09:32 AM

do my paper for me
I will really appreciate the writer's choice for choosing this excellent article appropriate to my matter.Here is deep description about the article matter which helped me more
7/12/2017 2:52:09 PM

srjca
You also know how to make people rally behind it, obviously from the responses.
7/11/2017 8:59:55 AM

maha
Thank you for sharing great information to us. Sure I will bookmark it and recommend for the reference to distinct capability reader to make a deep reputation about this problem be counted.
7/6/2017 3:05:14 PM

70-410 certification exam70-410 certification exam
You have a number of opportunities in the field of IT if you take certification exam. Valid4sure is your only choice to go ahead with your choice of expertise in a specific certification exam.
6/8/2017 7:52:04 AM

Buy UK Assignment
It's notable that ineffectively written software makes security issues. The quantity of bugs that could make web security issues is straightforwardly relative to the size and multifaceted nature of your web applications and web server.
6/5/2017 7:58:10 AM

kopi rolex
dsfasdgadsagdasdgasg
5/31/2017 1:57:09 AM

computer recycling
Your work is very good and I appreciate you and hopping for some more informative posts. Thank you for sharing great information to us.
4/10/2017 2:43:19 PM

 Security code