Access Control with the new Visitor Groups feature

Just a quick follow-up from my previous post Virtual-Roles-and-access-control-in-EPiServer:

In that situation I had to solve a problem for a customer where certain endusers (not authenticated) should have access to more pages than other users. These users could be identified from an IP-range.

The solution then was to implement a Virtual Role and every user that matched a specific IP-range gained that role automatically. Then the webeditors could set access rights on pages based on this role.

With the new EPiServer CMS 6 R2 feature “Visitor Groups” this could be done in another way. With a little help from Magnus excellent post Building-custom-criteria-for-Visitor-groups-in-CMS-6-R2/ I created a custom criterion “IPAddress” for the Visitor Groups and then the webeditors can define as many groups they want to based on an IP range match.

Her is my criterion:

 [VisitorGroupCriterion(
        Category = "User Criteria",
        DisplayName = "IPAddress",
        Description = "Criterion that matches type and version of the user's browser",
        LanguagePath = "/shell/cms/visitorgroups/criteria/ipaddresscriterion/ipaddress")]
    public class IPCriterion : CriterionBase<IPModel>
    {
        public override bool IsMatch(System.Security.Principal.IPrincipal principal,
                                     HttpContextBase httpContext)
        {
            return IsInRange(httpContext.Request.UserHostAddress);
        }


        private bool IsInRange(string clientIpAddress)
        {
            byte[] clientIP = IPAddress.Parse(clientIpAddress).GetAddressBytes();
            byte[] mask = IPAddress.Parse(Model.Mask).GetAddressBytes();
            byte[] ip = IPAddress.Parse(Model.Address).GetAddressBytes();
            bool isequal = true;
            for (int i = 0; i < ip.Length; i++)
                if ((clientIP[i] & mask[i]) != (ip[i] & mask[i]))
                {
                    isequal = false;
                    break;
                }
            return isequal;
        }

And the model looks like:

 public class IPModel : IDynamicData, ICloneable
    {
        public EPiServer.Data.Identity Id { get; set; }
        public object Clone()
        {
            var model = (IPModel)base.MemberwiseClone();
            model.Id = Identity.NewIdentity();
            return model;
        }

        [DojoWidget(            
       DefaultValue = "127.0.0.1",
       LabelTranslationKey = "/shell/cms/visitorgroups/criteria/ipaddresscriterion/ipaddress",
       AdditionalOptions = "{ selectOnClick: true }"),
       Required]
        public string Address { get; set; }

        [DojoWidget(
       DefaultValue = "255.255.255.0",
       LabelTranslationKey = "/shell/cms/visitorgroups/criteria/ipaddresscriterion/mask",
       AdditionalOptions = "{ selectOnClick: true }"),
       Required]
        public string Mask { get; set; }
    }

Now it looks like this in the Admin mode:

Jan 02, 2011

Comments

Anders Hattestad Jan 2, 2011 03:03 PM

Cool

Please login to comment.

Optimizely Unit Testing Using CmsContentScaffolding Package

Introduction Unit tests shouldn't be created just for business logic, but also for the content and rules defined for content creation (available...

MilosR | Apr 26, 2024

Solving the mystery of high memory usage

Sometimes, my work is easy, the problem could be resolved with one look (when I’m lucky enough to look at where it needs to be looked, just like th...

Quan Mai | Apr 22, 2024 | Syndicated blog

Search & Navigation reporting improvements

From version 16.1.0 there are some updates on the statistics pages: Add pagination to search phrase list Allows choosing a custom date range to get...

Phong | Apr 22, 2024

Optimizely and the never-ending story of the missing globe!

I've worked with Optimizely CMS for 14 years, and there are two things I'm obsessed with: Link validation and the globe that keeps disappearing on...

Tomas Hensrud Gulla | Apr 18, 2024 | Syndicated blog

See all blogs