Guest User and Application User

Release 1.0 - ...

In previous versions of Smartsite, requests made by a user who was not logged in ran without a current user. With the new security model introduced in Smartsite iXperion, every request runs under the account of a user. When a user is logged in, the request runs with the security profile that belongs to that user. When no user is logged in, the request runs with the security profile that belongs to the guest user. It is important to understand that in this context, Guest user and Application user are concepts, and that they are mapped to user accounts with a different name.

Guest user

The guest user is typically a user with very limited access to the webserver. It is generally used for operations performed by someone who is anonymous and therefore not trusted. The guest user will typically have only read-only access to the filesystem and read-only access to most of the tables in your database.

Application user

The application user is typically a user that has read and write access to most resources on the webserver. The application user is used by, for example, background processes that are fully trusted and need write access to do their jobs. The application user is also used by Smartsite internally for performing certain operations. The application user should in general not be used for browsing the site.

Configuration

The guest user and application user are configured in the smartsiteaccounts section of the Smartsite.Security.config file. Here you can specify which user account in the Smartsite Users or Visitors table is used for operations performed by the guest/application user.

<smartsiteaccounts>
  <guest loginname="siteguestuser" />
  <system loginname="siteapplicationuser" />
</smartsiteaccounts>

In this example, the user account specified by the loginname "siteguestuser" is used for the guest user and the user account specified by the loginname "siteapplicationuser" is used by the application user. These two users must both have a user role that is mapped to different security profiles.
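A configuration check for the section above, as an added example that is not part of the Smartsite documentation or product: it flags a smartsiteaccounts section where the guest or system mapping is missing, or where both point at the same account, which would run anonymous requests with the application user's profile. The function name, the wrapping `<configuration>` root in the sample, and the case-insensitive comparison of login names are assumptions; the check does not look at the role-to-profile mapping in the Users or Visitors tables.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the <configuration> root is an assumption; only the
# <smartsiteaccounts> section comes from the page.
SAMPLE_OK = """<configuration>
  <smartsiteaccounts>
    <guest loginname="siteguestuser" />
    <system loginname="siteapplicationuser" />
  </smartsiteaccounts>
</configuration>"""

# Constructed misconfiguration: both concepts mapped to one account.
SAMPLE_SHARED = SAMPLE_OK.replace("siteapplicationuser", "SiteGuestUser")


def audit_smartsite_accounts(xml_text):
    """Return a list of findings for the smartsiteaccounts section (empty = OK)."""
    root = ET.fromstring(xml_text)
    if root.tag == "smartsiteaccounts":
        section = root
    else:
        section = root.find(".//smartsiteaccounts")
    if section is None:
        return ["smartsiteaccounts section is missing"]

    findings, names = [], {}
    for tag in ("guest", "system"):
        elems = section.findall(tag)
        if len(elems) != 1:
            findings.append(f"expected exactly one <{tag}> element, found {len(elems)}")
            continue
        name = (elems[0].get("loginname") or "").strip()
        if name:
            names[tag] = name
        else:
            findings.append(f"<{tag}> has no loginname")

    # Assumption: login names are treated as case-insensitive (conservative).
    if len(names) == 2 and names["guest"].lower() == names["system"].lower():
        findings.append("guest and system map to the same account")
    return findings


if __name__ == "__main__":
    for label, text in (("ok", SAMPLE_OK), ("shared", SAMPLE_SHARED)):
        print(label, audit_smartsite_accounts(text) or "no findings")
```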