Password protecting Sitecore items

0
votes

I've been reviewing the Sitecore Security Admin Cookbook and several blog posts but can't find anything that talks about password protecting individual Sitecore content items. I've taken a look at the Security -> Require Login for an item but that seems to only affect the extranet\Anonymous user.

Edit: We've reviewed the client's needs and its for protecting Sitecore items to outside or anonymous users browsing the site. They don't want a user to stumble on a protected document, so our solution is to allow them to essentially lock this item to a set user role. So, if a user navigates to this locked item and is a member of this role then they will just need to enter their login information and they will have access to this document/media item. I've found a solution to the problem by just setting the security on this locked item to remove read access for extranet\anonymous and give only read access to the members of the specific group.

2
sitecore
May I ask for a use case? Generally speaking, users and roles should be used for things like this.Zachary Kniebel
I think workflow and permissions should be sufficient in solving this problem. Passwords are easily shared! Do you have some more background on what the real problem is? How did you come to the passworded content solution for that problem? Understanding this will help us provide good answers.Patrick Jones
Files from the media library, or access to pages within the content node? How would you give the access details to your users? Would they have to register or should it be a static/same password for all users?jammykam
I'm a bit confused as to which users exactly have to present the password. As you described it it sounds like you want your content editors to provide the password not the front end users...IvanL

2 Answers

0
votes

The Content Editors should not be the ones controlling the password that a front-end user enters to view a page. The password that a front-end user uses should be different for each front-end user.

Should that not be the case or should you desire to not implement a membership system for this implementation, what you can do is leverage Sitecore's built-in membership by making a Sitecore user that has access to the desired items and then forcing the front-end user to log into that Sitecore account when they visit the protected pages on the front-end. The Sitecore user that you create will, of course, need to have permission to view the protected folders.

Note that the Sitecore user you create should not and will not have access to the Sitecore desktop or Content Editor - that is really a conversation for a different post and I don't want to get too off track.

0
votes

My understanding of your question is that you want a certain group of editors to be prompted with a password entry box to edit content?

My question is why? Your users already supply a username and password to enter the Sitecore content editor. If you want to prevent users from making unauthorised changes you can either prevent write access for these users (which means they can't edit it) or implement a workflow. If you go for the workflow option you could possibly implement a custom workflow action that prompts for a "password" before publishing the content if you really want.