Discuss

Setting up Site Security Settings

On this page

Using the Security Provider you can define the security settings for the whole project and reuse them on all of your pages. We will go through each of the available options - from single user to database users and explain how to set them up.

Setting Up Security Provider

The Security Settings you create are globally available for all your server actions across your project. You need to setup your Security Provider once, and then you can reuse it in all the steps which require any kind of security - log in, log out or restrict access.

You will find the security settings in the Server Connect Panel, under Globals:

Screenshot_1|690x429

Right click Security Provider and click Add Security Provider:

Screenshot_2|690x429

And you are done. Now we need to select the security provider type and set it up. There are 3 types of Security Provider - Single, Static List and Database.

Single User

This is the simplest security option. Using it, you just define a single user for your site - so just enter the username and password here. This is very useful, when your site only has one user and you don’t need database to store usernames and passwords:

Screenshot_3|690x429

Just enter the username and password you want to use in order to log in:

Screenshot_4|690x429

Static Users List

The next option is Static Users list. Database is not required here as well. You define a list of users and permissions (optional) for them.:

Screenshot_5|690x429

Click the Users and Permissions button to create your users list:

Screenshot_6|690x429

First define a new user:

Screenshot_7|690x429

Enter a username and password, then click OK:

Screenshot_8|690x429

This way you can define as many users as you like:

Screenshot_9|690x429

You can edit or remove any of the users you created:

Screenshot_10|690x429

You can setup different permissions and assign users to them. Later you can use these permissions to restrict access to the pages, depending on the permission or show/hide data on the page. Click the Permissions tab:

Screenshot_11|690x429

Then create a new one:

Screenshot_12|690x429

Enter a name for this permission:

Screenshot_13|690x429

Then select which of the existing users to assign it to:

Screenshot_14|690x429

Click OK:

Screenshot_15|690x429

And you are done. You can create as many permissions as you need. Click the OK button:

Screenshot_16|690x429

Database Users

The last and most advanced Security Provider type is the Database one. Before using it, make sure you've defined a Database Connection:

Screenshot_17|690x429

Select your database connection in the Connection field:

Screenshot_18|690x429

And open the Users & Permission options:

Screenshot_19|690x429

In the users panel, select the database table which stores your users data:

Screenshot_20|690x429

Select the identity column of your table:

Screenshot_21|690x429

Then select the table column which stores the usernames - the ones you ask users to enter on the login screen, do the same for the password field:

Screenshot_22|690x429

And you are done. If you need, you can add permissions and conditions for them. Click the Add new permission button. Note that this step is not mandatory, so if you don’t need different permissions for your site just skip it. :

Screenshot_23|690x429

Add a name for this permission:

Screenshot_24|690x429

Next, select the database table which you will use to check permissions. That is really useful if you have 2 different database tables - one for logins, and another which stores just the user ids with the permissions assigned to them. And then select the identity column of this database table:

Screenshot_25|690x429

Add a condition for this permission i.e. when should this permission apply and for which users:

Screenshot_26|690x429

Select a column, condition and a value. In our case, we select - when the column role equals 1. So the permission we created will affect all users which roles are set to 1:

Screenshot_29|690x429

You can setup as many permissions and conditions as you need. Click Ok when you are done:

Screenshot_30|690x429

There are a few options for the cookies, created when your users log in:

Screenshot_31|690x429

  • Domain: The domain for your cookie (e.g., ' example.com ' or ' subdomain.example.com '). If not specified, this defaults to the host portion of the current document location.

  • Path: (e.g., ' / ', ' /mydir ') If not specified, defaults to the current path of the current document location.

  • Expires: Set after how many days should the login cookie expire.

  • Secure: Signals to the browser that it should only include the cookie in requests transmitted over a secure channel.

  • Same Site: Learn more at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite

And you are done. Don't forget to click the Save button in Server Connect panel. Now you can use this security provider to log users in, protect your data APIs and protect your pages.