wiki.webgear.co.nz Logo
RSS

Navigation





Quick Search
»
Advanced Search »

PoweredBy

Table of Contents [Hide/Show]


   About
   Features
   Known Issues
   Warning
   Scenarios:
      Pages
   Download

About

PageSecurity plugin enables you to lock pages so that only registered users and/or admins can access it.

Features

  • Works with categories - assign security settings to categories.
  • Can displays custom message to unauthorised visitors.
  • Can redirect to any URL when unauthorised access is attempted.
  • Protects View Code.
  • Two levels of security: "user" and "admin".

Known Issues

  • Does not protect file manager
  • Does not protect Edit This Page.
  • Does not protect RSS feeds.
  • Does not protect History (page contents can still be viewed via History).
  • Disables page caching (which may result in a performance decrease).

Warning

If a user can edit a page, they can change page security, even if that page is locked for the that user (it may be not obvious, but possible).

E.g. a page is secured for admin only, but a user can edit a page. Then the user can potentially edit the page and remove those security settings altogether.

See different scenarios and recommended Wiki settings in the following section.

Scenarios:

Protect certain pages on a private wiki. Settings:
  • Private
  • Page editing by admins only
  • Protect pages using "admin" security
    This scenario will give you:
  • No public access
  • User read-only pages
  • Admin editable pages

Protect certain pages on a normal wiki. Settings:
  • Normal
  • Page editing by users only
  • Protect pages using "user" security
    This scenario will give you:
  • Public read-only pages
  • User editable pages
    You can also protect some pages with "admin" security, but as noted in Warning section, users can potentially change admin-secured pages. Use it as means to warn users that this page is for admins only, and they are not supposed to view them, but don't use it as means of denial of access.

3 level protection (for public, users and admin). Settings:
  • Normal
  • Page editing by admin only
  • Protect read-only pages for "user" security
  • Protect admin pages using "user" security
    This scenario will give you:
  • Public read-only pages
  • User read-only pages
  • Admin editable pages
    ===Usage===
    There are 2 ways you can uses PageSecurity plugin.
    ====Categories====
    Specify security settings for categories. To do that login to Administration area, go to Providers tab, select "PageSecurity 1.0" and click Configure.
    Then in "Provider Configuration" box for each category you want to protect add a line of the following manner:

CategoryName|[Public|User|Admin]|RedirectUrl|Message

Where:
  • CategoryName - is the name of the category (specified under Categories tab) you want to protect.
  • [Public|User|Admin] - security level. Use one of Public, User, Admin. (Public is useless really, but i've added it just in case)
  • RedirectUrl - (optional) url there you want users to be redirected if access is denied for them.
  • Message - (optional) message (can contain HTML and Wiki tags) that you want to be displayed to users if access is denied for them.

If RedirectURL and Message are not specified, it will redirect to Login.aspx?Redirect=PageName.ashx from user-level pages and to AccessDenied.aspx from admin-level pages.

Examples: 
Registered Users|User|PleaseRegister.ashx|
Admin Users|Admin||This page is intended for site administrators only.
In this example, i lock category named Registered Users for public. Only registered users can access this page. If a guest tries to access to access a page linked to this category, they will be redirected to PleaseRegister.ashx. I also lock category named Admin Users any non-admin access. Only administrators can access this page. If a non-admin (guest of user) tries to access to access a page, they will see our message This page is intended for site administrators only..

View Warning section about security risks.

Pages

You can also specify per-page security settings (that override category security). To do that use the following tag:

<OnlyFor [User|Admin] (redirect=RedirectUrl)>Message</OnlyFor>

See Categories for for info.

Examples: 
<OnlyFor User />
In this example, the page that has this tag will be visible to registered users only. Unauthorised access will result in redirection to Login.aspx 
<OnlyFor User>You are not supposed to view this...</OnlyFor>
Same as in previous example, but instead of redirecting, it'll show a message.

View Warning section about security risks.

Download

Current version is 1.0. Download now

© webgear.co.nz 2007-2010

Powered by ScrewTurn Wiki version 3.0.4.560. Some of the icons created by FamFamFam.