Dynamics Portals has the ability for a user to ‘Sign In’ and authenticate themselves to the portal. Chances are you would like to know who someone is before they create a record in your system. When you create a web form in Dynamics you get an option to force users to authenticate when the access the URL of the web page. All you need to do is tick the ‘Authentication required’ check box on the form.
This is great, but what if you want to force users to authenticate before they access any other web page that doesn’t have a web form embedded in it? ‘Web Page Access Control Rules’ allow you to do this quite easily. They can allow you to restrict who can access portions of your portal, but they can also allow you to grant front-side editing permissions to a subset of users. Perhaps more on that in a future blog post.
So if you have a web page and you want to restrict it to only be viewed by authenticated users what do you do?
Step 1 – Find the web page record. Be careful, you need to apply the web page access control rule to the root page and not the content page.
Step 2 – Create a ‘Web Page Access Control Rule’ associated with the web page
Step 3 – You’ll need to:
– Give it a name: eg ‘Allow authenticated users only’
– Define the website and web page this rule will apply to. If you’ve come from the web page as per the above steps, web page should be prefilled
– Right = restrict read
Step 4 – Save the record, and then associate the ‘Authenticated Users’ web role in the web roles sub grid.
Along the way you have the choice to apply the rule to the page and all its children, or just the page itself with the scope field. Please see my example below.
The next level for the Web Page Access Control Rule is to start to think about subsets of authenticated users. If you have these requirements you can associate more specific web roles to those contacts and reference those web roles in the web page access control rule instead of the generic ‘Authenticated Users’ role. Quick note however on web roles is it can very easily get out of hand. My advice would be to look at the audiences of the portal and if they are relatively homogenous use web roles, but if they aren’t I’d strongly suggest looking at using multiple portals to restrict content.
Any question or feedback please let me know!