Article security


Visibility

By default newly created article is visible for everyone, even for not authenticated users.

To prevent not authorized users to view an Article you need to check "Authenticated" checkbox under Article settings and then there is 2 options available:

  • Allow all authenticated users
  • Add specific modules to article permissions 
If  "Authenticated" and "Allow everyone" are checked make sure all Razor call for stored procedures and record source allows all users, otherwise some user with insufficient permissions might get errors

For some specific apps you can add 2 factor authentication required, in order to do this, add snippet bellow to template or Main html 

    
    {
        if (!Appframe365.Web.Context.UserContext.RequireCurrent.IsDeveloper) {
            throw new System.Web.HttpException(403, "Only developers can use this page");
        } else if (Appframe365.Web.Context.RequestContext.Current.AuthenticationState.GetVerifiedFactorCount() < 2) {
            System.Web.Security.FormsAuthentication.RedirectToLoginPage("RequireTwoFactor=1");
        }
    }
    

Creating, updating, deleting

There are several ways to allow users to work with articles.

  1. User needs to be member of role [af_developer]
  2. User needs to be member of role which is added to site setup permissions as editor or manager
  3. Org unit based permissions

Related articles

Placeholder "LocalizeWeb2016" failed