Level: 100

Inherit from SecurePage when developing Sitecore apps


In this blog post you can ensure that your applications and scripts which run in your Sitecore solution isn't executed without users have to login. This is a simple and easy approach and there isn't much code envolved.





Written by: Jens Mikkelsen
Mon, May 23 2011

I have built quite a few applications that run in the Sitecore shell. It is very easy and you can build Sitecore applications using asp.net as you would build any other website (or use Sitecores own XAML engine). This is great, but there is one thing that I tend to forget and I think others do as well. When you develop a Sitecore application using asp.net, the controls in the application are often accessible if you access the files directly. For instance imagine you have created an application which uses a file - testpage.aspx – and you place it directly in the layouts folder, users will be able to run your application if they enter the URL www.yourdomain.com/layouts/testpage.aspx even though they are not logged in. ¨

This of course may be a security issue and you should ensure you require your users to login to the shell site, before they can run the application. Sitecore enables you to do this quite easy as you can just make your page inherit from Sitecore.Shell.Web.UI.SecurePage. If you do this, Sitecore will automatically redirect the user to the login page of the current site, if they are not all ready logged in. Easy-peasy-lemon-squeezy!

You can also apply this to all your Sitecore scripts, which run as a .aspx. In that way you ensure it can only be run by people who are logged in.



Please rate this article

3 rates / 4 avg.

  • About the author:

    Jens Mikkelsen

    Jens Mikkelsen is a partner at Inmento Solutions a Sitecore consulting firm. He works as a Sitecore specialist and consulting helping clients architect and build quality Sitecore solutions using the newest modules and tools. 

    Further he has been deeply envolved in various complex solutions and has built up a strong knowledge of Sitecore architecture and best practices. He has especially focused on and is specialized in debugging and analyzing Sitecore solutions.


    Jens is very interested in the technical mechanisms in the new marketing products such as Sitecore DMS and Sitecore ECM.

    My Sitecore Freelance CV

6 responses to "Inherit from SecurePage when developing Sitecore apps"

Great tip Jens, this is very usefull :-)
Posted: Wednesday, May 25, 2011 10:44 AM
great article!
Posted: Friday, May 27, 2011 8:51 AM
Excellent tip. However, this seems to mess up the viewstate.

Any thoughts on this?
Posted: Monday, November 21, 2011 3:21 PM
In fact your creative writing abilities has inspired me to start my own BlogEngine blog now.
Posted: Tuesday, October 09, 2012 5:30 AM
In Google sites, there is a restriction on cennott to adults. Is there something that is looking at individuals to verify that they are an adult. Is google looking at the google id or using a service to verify age or is it a click through verification with a box?Thanks.
Posted: Friday, December 25, 2015 8:17 PM
I was really confused, and this answered all my questions.
Posted: Thursday, March 17, 2016 3:01 PM

Leave a reply

Notify me of follow-up comments via email.