In our sitecore based website, we have custom sitecore modules for the use of sitecore administrators. Inside each module we do a credential check to see whether the current user is a sitecore user.
using Sitecore.Security.Authentication;
if (AuthenticationManager.GetActiveUser().Domain.Name != "sitecore")
{
//not permitted to use the admin module
}
This check allows the administrators to use the custom module as long as they are logged into the sitecore portal. But the problem is whenever they use the sitecore "Preview" feature to preview some item, currently active user gets changed to "extranet\Anonymous". From this point onwards, our custom module thinks that the user is not a sitecore admin, and denies access to the module.
How to overcome this problem? We need this security check for our admin module as well as the preview feature.
Thanks in advance!
PS. Saw this on known issues when investigating further. http://sdn.sitecore.net/Products/Sitecore%20V5/Sitecore%20CMS%206/ReleaseNotes/KnownIssues%20Recommended/Users%20in%20Preview%20mode%20do%20not%20have%20access%20to%20restricted%20pages%20unless%20they%20log%20in%20on%20the%20website.aspx
The Preview application browses the site in the context of the extranet\anonymous user to show how the site looks/behaves for website visitors by hiding secure content etc. To perform the checks you are after in your module you could use Sitecore.Publishing.PreviewManager.GetShellUser() combined with Sitecore.Context.PageMode to get the logic you are looking for.