
Assessing the "Everyone" role in Crestone

Update 20080629: This post was written with code against the original Crestone beta release 080314. The API has changed in the latest beta release 080514, which alters the code in this post. Check out my post Crestone differences update rev 080514 for updates to the code samples here.

As you may be aware, the security model in Sitecore's Crestone release has completely changed. As of Crestone, Sitecore will use ASP.NET security.

I must say, I'm a little sad to see the Sitecore security model changing. I thought the security model in Sitecore 5.3.x was really good. It was simple and effective. It was easy to understand (well, maybe 'cause I've been using it for so long. Pose that statement to a newbie and see how they react).

One benefit I've seen in the new Crestone security model is the ability to assign rights directly to children of an item, and not the item itself. This is good when you want the user to be able to see a folder of protected items, but not the items themselves.

Anyway, in the previous security model we had the special role "Everyone". Using the API, I could ask Sitecore if someone was a part of this role quite easily:

Sitecore.Context.User.IsInRole(Sitecore.Context.Domain.GetRole("everyone").ID);

This doesn't work in Crestone :(

The first difference to note is that the everyone role is now called `##everyone`. But the above code won't work. This has something to do with the fact that the everyone role is now a virtual role. So how do I get this to work? First we get the everyone role object by name. Then we can check whether any of the user's accounts are in the role:

// Get the virtual everyone role object by name
Sitecore.Security.Accounts.Role role = Sitecore.Security.Accounts.Role.FromName("##everyone");
// Get the accounts of the current context user
Sitecore.Security.Accounts.AccountList accounts = Sitecore.Context.User.GetManagedAccounts();
// Check each account for membership of the role
for(int k = 0; k < accounts.Count; k++)
{
  if(role.IsMember(accounts[k], true, true))
  {
    // User is in this role. Do Something
  }
}

And voilà. It works!

Comments

Hey Alistair,
You are right, the traditional static role everyone has been removed. Also, the security API has changed quite significantly, but I think very much for the better.
For example, Sitecore now also supports:
* Roles in roles.
* Bi-directional user/role resolving.
* Local/site administrators (for multi-site, multi admin purposes).
* Profiles (comes with .NET 2.0)
* Easier to write role/profile/security providers.
etc.
