In our sitecore based website, we have custom sitecore modules for the use of sitecore administrators. Inside each module we do a credential check to see whether the current user is a sitecore user.
using Sitecore.Security.Authentication;
if (AuthenticationManager.GetActiveUser().Domain.Name != "sitecore")
{
//not permitted to use the admin module
}
This check allows the administrators to use the custom module as long as they are logged into the sitecore portal. But the problem is whenever they use the sitecore "Preview" feature to preview some item, currently active user gets changed to "extranet\Anonymous". From this point onwards, our custom module thinks that the user is not a sitecore admin, and denies access to the module.
How to overcome this problem? We need this security check for our admin module as well as the preview feature.
Thanks in advance!
PS. Saw this on known issues when investigating further. http://sdn.sitecore.net/Products/Sitecore%20V5/Sitecore%20CMS%206/ReleaseNotes/KnownIssues%20Recommended/Users%20in%20Preview%20mode%20do%20not%20have%20access%20to%20restricted%20pages%20unless%20they%20log%20in%20on%20the%20website.aspx
"sitecore"domain for admin user. DoesSitecore.Context.User.GetDomainName()returns extranet for you as well? Are you sure theSecurityDisableris not used in the code for preview? – Marek MusielakSitecore.Context.User.GetDomainName()also give the same result. No we don't use the SecurityDisabler in the public website. (we occasionally use it in custom agents) – ravinsp