this attribute the left menu (UserAccountMenu) can be managed based on the
selected user. The logged-on user's context (roles) ultimately determines
whether the menu item is shown.
The selectedUserContext attribute can contain "Administrator,Reseller,User".
Was caused when recycling the enterprise server. The encrypted session got a
length of 24, which resulted in a loop and finally a 500 error.
When the encrypted session ID does not match, the session is logged off, the
user is redirected to the default page, and the encrypted session key is restored.
Add the element ExcludedRolesToLogin to SiteSettings.config and specify, as a
comma-separated list, which roles are not allowed to log in to the panel, e.g.:
<ExcludedRolesToLogin>Administrator,Reseller</ExcludedRolesToLogin>
This lets you reduce the attack surface by publishing the portal twice: one
instance for the organization administrators and an internal one for the
administrators and reseller admins.
Available roles now in the platform: Administrator, Reseller, User, PlatformCSR,
PlatformHelpdesk, ResellerCSR, ResellerHelpdesk.
The platform CSR and Helpdesk are peer accounts on platform root level.
The role names can be used within websitepanel_pages.config on Page and Module
level. On module level the roles can be specified in the viewRoles attribute and
the readOnlyRoles attribute. When the latter is specified, all controls within
the module are disabled; viewRoles only determines whether the page is shown.
When nothing is specified, the page is simply shown.
All authentication-related cookies are tagged as httpOnly
web.config: enableVersionHeader=false
Autocomplete disabled
Login URL injection redirection fixed
Session hijacking protection implemented
Don't forget to enable SSL on your website (HTTPS) and to change requireSSL="false" to requireSSL="true".
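One way to check the web.config settings listed above after deployment, as an added example that is not part of the WebsitePanel code base. It assumes the standard ASP.NET `system.web` elements (`httpRuntime`, `httpCookies`, `authentication/forms`) without an XML namespace or `<location>` wrapper; the sample config is constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a web.config that still carries the weak settings.
SAMPLE_WEB_CONFIG = """<?xml version="1.0"?>
<configuration>
  <system.web>
    <httpRuntime enableVersionHeader="true" />
    <httpCookies httpOnlyCookies="true" requireSSL="false" />
    <authentication mode="Forms">
      <forms name=".EXAMPLEAUTH" requireSSL="false" />
    </authentication>
  </system.web>
</configuration>"""

# (element path under <configuration>, attribute, required value, ASP.NET default)
CHECKS = [
    ("system.web/httpRuntime", "enableVersionHeader", "false", "true"),
    ("system.web/httpCookies", "httpOnlyCookies", "true", "false"),
    ("system.web/httpCookies", "requireSSL", "true", "false"),
    ("system.web/authentication/forms", "requireSSL", "true", "false"),
]


def audit_web_config(xml_text):
    """Return a list of findings; an empty list means every check passed."""
    root = ET.fromstring(xml_text)
    findings = []
    for path, attr, wanted, default in CHECKS:
        node = root.find(path)
        # A missing element or attribute falls back to the framework default.
        actual = default if node is None else node.get(attr, default)
        if actual.strip().lower() != wanted:
            findings.append(f"{path}@{attr} is {actual!r}, expected {wanted!r}")
    return findings


if __name__ == "__main__":
    for finding in audit_web_config(SAMPLE_WEB_CONFIG):
        print("FAIL:", finding)
```

Because missing attributes are evaluated at their framework defaults, a config that simply omits `requireSSL` is reported the same way as one that sets it to `false`.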