FlexWiki has always supported application-wide security by virtue of being an ASP.NET application. However, previous to version 2.0 of FlexWiki, security was an all-or-nothing proposition: either all topics in the wiki were accessable to a particular user, or none were. (Note: this is only somewhat true, but certainly fine-grained control was difficult or impossible.)

In FlexWiki 2.0, support for topic-level security has been added. Administrators and users can now restrict access on a per-user, per-topic basis. Support is also present for wiki-wide and namespace-level defaults. It is also possible to now lock a topic against all edits until specifically unlocked by an authorized user with HasManageNamespacePermission.

Security in FlexWiki 2.0 consists of three separate, independent pieces: authentication, authorization, and transport security. You can read about them under FlexWikiAuthentication, FlexWikiAuthorization, and FlexWikiTransportSecurity, respectively.

The FlexWiki security features were implemented by CraigAndera with support from the FlexWiki community.

Best Practices

The following directories should have the IIS Directory Security permissions for anonymous access removed and these directories should only be accessible to individuals who have authenticated (using Integrated Windows authentication - recommended):

• admin
• logs
• Namespaces
• all subdirectories of Namespaces
• content and all subdirectories (if they exist)

Related Pages