Area: Episerver B2B Commerce

Restricting access to /admin

Recommended reading 

Currently this is an option only in the Cloud environment. Access to the Admin Console can be disabled for any website within its environment. Consider the following scenario: My environment has 6 web servers, 3 of them are exposed to the public and 3 are internal facing. I only want to allow people to access to the Admin Console features for the 3 web servers that are on an internal network. The other 3 external web servers need to be locked down for security reasons and therefore, I do not want people access the Admin Console.

To facilitate this behavior, the DisableAdminAccess appSetting (web.config) needs to be set to "true". When set to a value of "true" the Admin Console, CMS shell, and the admin api's will be disabled and return error messages if someone attempts to use them.

Do you find this information helpful? Please log in to provide feedback.

Last updated: Dec 11, 2020

Recommended reading