Hi,
We're writing a windows service to compliment an ASP.NET 1.1 MCMS
website and web-based do***ent management system we custom built some
time ago.
The service loops through a list of do***ents in our custom do***ent
management system which contains the CMS Posting and Channel GUIDs of
the do***ents in the CMS itself. The two databases (MCMS and our
custom DB) are kept in sync when user's publish content via the
do***ent management system and it publishes the content to the CMS and
also records the relevant information in the custom database.
In our new service, we need to connect the application to the MCMS
server and check if a user has security to see a particular do***ent
selected from the custom database. I was hoping to do something like
the code below but it doesn't work. The security is set up using
normal Site Manager security services and Active Directory profiles.
CmsApplicationContext context = new CmsApplicationContext();
context.AuthenticateAsGuest();
bool result = context.UserHasRightToBrowse(inputGuid); // can be
posting or channel GUID
Assert.IsFalse(result);
In the above code, "result" is always returning true. After setting
the permissions on the channel, and navigating to the do***ent via the
website as a non-logged-in user, i am correctly disallowed access.
What is different between the CmsApplicationContext and the
CmsHttpContext such that the CmsApp doesn't appear to honour the
security restrictions?
Many thanks,
Xerxes.
