So back to our main topic here. As I said from my welcome post, I'm going to have a technical perspective of Sitecore as well. For these types of posts, I'm going to envelop them into what I call a Technical DeepDive. During technical sales presentations, these types of presentations become very important for technical audiences who tend to evaluate a product based on technical details without the marketing wrapping. We're going to start with one of Sitecore v6's important changes, the use of .NET 2.0 security framework.
To read further, I need to tell you that this is not about ASP.NET 2.0 security mechanism but on how Sitecore leverages it and how it is applied. So, you'll need to know about ASP.NET security mechanism before you read on. There's a great introduction from MSDN with related articles for your reading.
In the past, Sitecore maintained its own version of a security context. As a developer, you need to remember that the ASP.NET security context is different from Sitecore's. So, there were three ways to work with Sitecore's security:
- use Sitecore's security context exclusively and integrating into Sitecore's extranet domain
- use ASP.NET security exclusively
- use both but making sure they are in synch
In Sitecore v6, both ASP.NET and Sitecore security context are the same...or I should say that Sitecore taps into ASP.NET's context instead of managing its own. However, this doesn't mean that Sitecore essentially is just ASP.NET. Sitecore only uses the provider model and uses the same context but Sitecore's context is much more powerful and what Sitecore does with it. Here's a list of things we'll discuss:
- New UI
- New Access Rights
- Roles within Roles
- Enhanced Domain Management
On my next Technical DeepDive, we'll talk about the new security UI's.