Handling secure media items in extranet for Sitecore 6?

0
votes

I have setup an Extranet on a Sitecore solution. Login and access to the items below the extranet works fine with security, etc.

But there is also files, that should only be accessible to users that have logged in to the Extranet. For this I have made a folder in the root of the media-library called Extranet. I have set the security on this (added the extranet\user and removed read access from extranet\everyone). I have also checked the inheritance option in the security field.

But when I add a file below this folder, it does not look like it inherits the security settings. Although extranet\anonymous cannot access the item, extranet\user cannot either. If I explicitly set the security on the file and allow extranet\user, it works.

What could I be missing?

1
sitecoresitecore6

1 Answers

1
votes

The problem is with conflicting access. You must create a different role, ex: extranet/registered and give read access to it. And when logged in, set "extranet/registered" role on that logged in user. Some code on how to set a role:

var loginUser = database.ValidateUserForLogin(userName.Trim(), password.Trim());
            if (loginUser == null) return false;

            User _user = AuthenticationManager.BuildVirtualUser(domainUser, true);

            if (_user != null)
            {
                AuthenticationManager.Login(_user);
                _user.RuntimeSettings.AddedRoles.Add(@"extranet\registered");
                _user.Profile.SetCustomProperty("UserId", loginUser .UserId.ToString());
            }

loginUser is a custom object from database. I am using sitecore authenticationmanager (from sitecore.security namespace).

Try this our and let me know how it goes.