Sitecore: How and why use Sitecore Virtual Users in CD (content Delivery)

0 投票
最新提问 用户: (260 分)

I've come across few sitecore implementations where virtual users have been used on CD (content delivery) where site has a membership (login state).

We are migrating a site from java CMS to sitecore and has login state using azure ADB2C and Social login providers. Once logged in the user will be redirected to Sitecore CD with token. Based on user membership type we will need to show hide menu items and widgets across the site.

I am aware that one of the advantage of using Virtual user is no license cost on sitecore user.

Appreciate if someone could please help me understand below:

  1. What other scenarios do we have to use Virtual users in CD?
  2. What is the advantage of using Virtual users given that we could manage the user details in Session?
  3. What are the disadvantages of using Virtual users in CD?
  4. Is it best option to use virtual user and sitecore roles to secure menu items and pages? Or apply the security from linq query etc?



0 投票
最新回答 用户: (140 分)

The concept of virtual users may differ slightly from your understanding. Think of them as a temporary representation of a user that could get its data from anywhere e.g. your azure providers.

Without virtual users, the default is that all user details are stored in the core aspnet membership tables. Virtual users allow people to 'login' but wouldn't create associated database records.

One common scenario, which it sounds like you are using, is that user and role data is held elsewhere (azure/ad). At the point this data is queried a virtual user is created with the associated roles / profiles etc. As sitecore then evaluates security this virtual user data is used.

The advantage of using them over something like session is that all the sitecore security layers will respect the data held in them. If you did something custom that would require lots of dev effort.

There is no link between virtual users and licence based users - licence's typically allow concurrent editors to the cms which is a different concept to 'users'.

欢迎来到 Security Q&A ,有什么不懂的可以尽管在这里提问,你将会收到社区其他成员的回答。