Remove the editting interface?

Vote:
 

Looked at Chris Bennett's article 'Server Architecture Options for EPiServer' (http://world.episerver.com/Blogs/Chris-Bennett/Dates/2009/12/Server-Architecture-Options-for-EPiServer/) and we are planning on implementing option 2.  Chris talked about the editting interfaces being removed from the internet facing live servers. Which is best approach in doing that, including the admin interface and the EPiServer context menu?

#44723
Oct 13, 2010 15:20
Vote:
 

No sure on the below but here goes..

 

The edit and admin mode shouldb be able to disable on the internet available servers via the <location> element in web.config (deny all users).

I'm not sure about the contextmenu. If the user is able to login successfully on the internetservers i guess they will get the context menu even if the access to edit and admin mode is disabled. One option might be to use sql authentication on the internetservers and windows authentication on the internal edit server. So if the editors try to login on one of the internet servers they won't succeed.

 

#44727
Oct 13, 2010 16:18
Vote:
 

Thanks for your suggestions.

Denying access through the <location> element certainly stops any user seeing the admin and edit sections of the CMS but I need to stop the contextmenu being unavailable.  Otherwise, I found onscreen edit and hence publishing is still possible - unless I've missed something.

I will look at alternative methods of authentication as an option but the creation and management of Window authenticated users through the CMS may not be feasible.

#44733
Oct 13, 2010 20:06
Vote:
 

Remove the Virtual Path provider configurations in episerver.config for your frontend servers.

<add virtualPath="~/App_Themes/Default/" physicalPath="C:\Program Files (x86)\EPiServer\CMS\6.0.530.0\application\App_Themes\Default" name="App_Themes_Default" type="EPiServer.Web.Hosting.VirtualPathNonUnifiedProvider,EPiServer" />
      <add virtualPath="~/cms/CMS/" physicalPath="C:\Program Files (x86)\EPiServer\CMS\6.0.530.0\application\UI\CMS" name="UI" type="EPiServer.Web.Hosting.VirtualPathNonUnifiedProvider,EPiServer" />
      <add virtualPath="~/Util/" physicalPath="C:\Program Files (x86)\EPiServer\CMS\6.0.530.0\application\util" name="UtilFiles" type="EPiServer.Web.Hosting.VirtualPathNonUnifiedProvider,EPiServer" />
      <add virtualPath="~/WebServices/" physicalPath="C:\Program Files (x86)\EPiServer\CMS\6.0.530.0\application\webservices" name="WebServiceFiles" type="EPiServer.Web.Hosting.VirtualPathNonUnifiedProvider,EPiServer" />
      <add virtualPath="~/cms/CMS" physicalPath="C:\Program Files (x86)\EPiServer\CMS\6.0.530.0\application\UI\EPiServer\CMS" name="EPiServerCMS" type="EPiServer.Web.Hosting.VirtualPathNonUnifiedProvider,EPiServer" />
      <add virtualPath="~/cms/Shell" physicalPath="C:\Program Files (x86)\EPiServer\Framework\6.0.318.113\Application\UI" name="EPiServerShell" type="EPiServer.Web.Hosting.VirtualPathNonUnifiedProvider,EPiServer" />
   Frederik
#44736
Oct 13, 2010 21:00
Vote:
 

Thanks Frederik.  I removed the VirtualPath providers as you suggested and this certainly stops access to cms.  However, is there a way to hide or, even better, not show the EPiServer context menu (right click menu) for the frontend servers?

#44804
Oct 15, 2010 15:04
Vote:
 

Well, you can add/remove items in the context menu from code, see this article in the SDK: http://sdk.episerver.com/library/cms5/Developers%20Guide/How%20To/Add%20and%20Remove%20Right-click%20Menu%20Items.htm

I think there's also an Enabled or Disabled property for the ContextMenu, don't know if it works though (I have a vague memory that it doesn't do what you think it does, i.e. hide the menu completely).

Say you use an appSettings flag or similar to decide whether to disable (or at least clean out) the menu, and set this flag on the fronts only. Or rather, make it default to removing the items so you have to set it on the edit servers where you're less likely to forget this :)

#44819
Oct 15, 2010 17:31
Vote:
 

Hi,

I don't know if this helps but if you want to remove edit/admin but still allow users to login to the site (member scenario) you need to make sure that you keep the App_Themes_Default and UtilFiles sections in the VPP part of episerver.config.

Also, inspired by Magnus, I have found a way to hide the context menu - I tried the property he mentioned but it didn't work (I suspect it's used when you select 'Disable Menu' from the context menu).

My solution was to add the following to the Page_Load event of the master page, checking for a config flag first to enable/disable the menu easily:

EPiServer.Web.PageExtensions.ContextMenu menu = EPiServer.Web.PageExtensions.ContextMenu.Current;

int menuItemsCount = menu.Menu.Items.Count - 1;

for (int i = 0; i <= menuItemsCount; i++)

{

    menu.Menu.Items.RemoveAt(0);

}

It's not especially elegant and I'm sure there must be a better way but it seems to work ok.

Good luck,

Mark

#45853
Nov 19, 2010 15:09
This thread is locked and should be used for reference only. Please use the Episerver CMS 7 and earlier versions forum to open new discussions.
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.