Setting Site Security Settings
With the Security Provider you can define the security settings (single user, users list or database users) for the whole project and reuse them on all of your pages. We will go through each of the available options - from single user to database users and explain how to set them up.
The first thing you need to do is to navigate to Server Connect panel, and create a new server action:
We will place the server action inside a folder so it is easier to navigate later:
We call the folder - Security:
Create a new server action inside it:
Let's call it logIn. Right click steps:
Open the Security Provider group:
And add Security Provider:
We are going to use it everywhere in our site, so we call it siteSecurity:
Security provider step defines the user login options for your site. We start with the Single Security Provider type:
This is the simplest security option. Using it, you just define a single user for your site - so just enter the username and password here. This is very useful, when your site only has one user and you don't need database to store usernames and passwords:
The next option is Static Users list. Database is not required here as well. You define a list of users and permissions (optional) for them. Open the type menu, select Static (1) and click the Users and Permissions button (2):
First define a new user:
Enter the user's login details and click OK:
You can add as many users as you wish. Selecting a user from the list, allows you to edit his login details or to remove him from the list, using the buttons in the toolbar:
You can setup different permissions and assign users to them. Later you can use these permissions to restrict access to the pages, depending on the permission or show/hide data on the page. Click the Permissions tab:
Then create a new one:
Add a name for this permission (1) and then select which users to assign it to (2):
Click OK:
Add as many permissions as you need, assign users to them and click OK when you are done:
The last and most advanced Security Provider type is the Database one. Before adding it you need to setup a database connection and add a database connection step in the server action. Then add the security provider step and select Databse from the type dropdown:
Select your database connection in the Connection field:
And open the Users & Permission options:
In the users panel, select the database table which stores your users data:
Select the identity column of your table:
Then select the table column which stores the usernames - the ones you ask users to enter on the login screen:
Do the same for the password field:
And you are done. If you need, you can add permissions and conditions for them. Click the Add new permission button. Note that this step is not mandatory, so if you don't need different permissions for your site just skip it.:
Add a name for this permission (1), and select the database table which you will use to check permissions (2). That is really useful if you have 2 different database tables - one for logins, and another which stores just the user ids with the permissions assigned to them. And then select the identity column of this database table (3):
Add a condition for this permission i.e. when should this permission apply and for which users:
Select a column, condition and a value. In our case, we select - when the column role equals "editor". So the permission we created will affect all users which permissions are set to "editor":
You can setup as many permissions and conditions as you need. Click Ok when you are done:
When you are done setting up any of the available Security Provider types you should click the "Link" icon, so that the security provider will be linked to a separate file, which will be available for the whole project:
Select Yes when the notification appears:
And Save your action file. You are done, now you can use this security provide to log users in, protect your data APIs and protect your pages.
NEXT: Learn how to create a login page and redirect users after they log in successfully.