Sitecore Item access based on external data

Sometimes you might want to disable read access on items in your website based on something that doesn’t reside in Sitecore, like for example external data that comes from your own database. We have run into a situation where we had purposely chosen not to use the Sitecore role provider for several reasons and found a way to still apply the necessary security checks to make sure some items were not visible for all users on our portal. Our real Sitecore user was extended with some roles in our own database and we wrote an ItemProvider that would deal with this custom scenario.┬áThe methods that override the base implementation have been decompiled and slightly adjusted to serve our needs:

And the following configuration patch:

You can see that we wrote an extension on the ‘Item’ to find out if a user has access to this item (with custom logic). You can implement your own logic that will decide if the item should be returned when using the Sitecore API to fetch items. This provider will make sure that the functionality hooks in to the regular calls you make to retrieve items.

Leave a Reply

Your email address will not be published. Required fields are marked *