Disable Edit and Admin for external guests


Hi!
We have an Epi CMS5 site where we would like to disable the possibility to log in to edit and admin for external guests.
The site uses EPi accounts.

In the Authorization tags for edit and admin in web.config, is it possible to allow IP = "our Gateway IP" and deny IP = "*"?

Some other solution?

Kind regards,
Patrik

#43592
Sep 20, 2010 10:16

Correctly configured, the authorization tags in web.config would protect your edit and admin user interface. If the authenticated user is not a member of the correct groups, the right-click menu will not be shown and it is not possible to enter edit and admin mode.

If the Access Control List of the page allows everyone or the current user to change or edit the page, then on-page edit will be allowed and the right-click menu will show items to start editing even if they do not have the roles needed to enter edit mode.

To increase security, you can take more steps. One is to require a specific URL or SSL to be used to access edit/admin mode. If you use another port, you can block access in the firewall.

You can also create a virtual role with custom requirements like a specific IP-address as a requirement. See: http://virtualroles.codeplex.com/

#43597
Sep 20, 2010 10:39

Another strategy is to use an Edit server, but that will require an enterprise license. The idea is basically to create a load-balanced setup (or at least several servers with the same database) but put one of the servers on the intranet and completely strip or disable the edit/admin user interface on the publicly available server(s).

#43599
Sep 20, 2010 11:28

You can also use IIS to deny access to a virtual directory based on IP restrictions.

IIS 6

  • Under your site > Create a virtual directory that matches /path/to/your/UI
  • Right click on new folder
  • Properties
  • Directory Security Tab
  • IP address and domain name restrictions > Edit button
  • Edit IP restrictions as appropriate

IIS 7 - Follow the first two steps for IIS6 and see the following article http://technet.microsoft.com/en-us/library/cc731598(WS.10).aspx

#43626
Edited, Sep 20, 2010 18:17
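
The IIS 7 restriction from the post above can also be written as configuration, combined with the role check from the earlier reply. This is an added example, not from the thread or from EPiServer: the path is the thread's placeholder, 203.0.113.10 is a constructed address standing in for the gateway IP, and the role names are assumed. It needs the IP and Domain Restrictions role service, and because the ipSecurity section is locked at server level by default it may have to be unlocked or placed in applicationHost.config.

```xml
<!-- Added example. "path/to/your/UI" is the placeholder used in the thread;
     replace it with the folder that serves edit/admin mode. -->
<location path="path/to/your/UI">

  <!-- ASP.NET authorization matches users, roles and verbs only.
       It has no IP attribute, so the gateway rule cannot live here.
       Role names below are assumed; use the groups your site grants edit/admin to. -->
  <system.web>
    <authorization>
      <allow roles="WebEditors, WebAdmins, Administrators" />
      <deny users="*" />
    </authorization>
  </system.web>

  <!-- IIS 7 IP and Domain Restrictions: the network-level gate.
       allowUnlisted="false" denies every client not listed below. -->
  <system.webServer>
    <security>
      <ipSecurity allowUnlisted="false">
        <!-- Constructed sample address; put the gateway IP here. -->
        <add ipAddress="203.0.113.10" allowed="true" />
        <!-- Keep loopback so the UI can still be reached from the server itself. -->
        <add ipAddress="127.0.0.1" allowed="true" />
      </ipSecurity>
    </security>
  </system.webServer>

</location>
```

Both gates apply: a request from an unlisted address is rejected by IIS before ASP.NET evaluates roles, and a request from the gateway still needs an account in an allowed role.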

@David: Does this work for Virtual Path Providers? I did not know that... Thanks!

#43627
Sep 20, 2010 18:24

@Fredrik: Yes it works fine on any folder in IIS, virtual or not. I will put a blog post together about it.

#43628
Sep 20, 2010 18:36
This thread is locked and should be used for reference only. Please use the Episerver CMS 7 and earlier versions forum to open new discussions.