Object reference not set to an instance of an object.
Object reference not set to an instance of an object.
Flex Wiki Security

FlexWiki has always supported application-wide security by virtue of being an ASP.NET application. However, previous to version 2.0 of FlexWiki, security was an all-or-nothing proposition: either all topics in the wiki were accessable to a particular user, or none were. (Note: this is only somewhat true, but certainly fine-grained control was difficult or impossible.)

In FlexWiki 2.0, support for topic-level security has been added. Administrators and users can now restrict access on a per-user, per-topic basis. Support is also present for wiki-wide and namespace-level defaults. It is also possible to now lock a topic against all edits until specifically unlocked by an authorized user with HasManageNamespacePermission.

Security in FlexWiki 2.0 consists of three separate, independent pieces: authentication, authorization, and transport security. You can read about them under FlexWikiAuthentication, FlexWikiAuthorization, and FlexWikiTransportSecurity, respectively.

The FlexWiki security features were implemented by CraigAndera with support from the FlexWiki community.

Best Practices

The following directories should have the IIS Directory Security permissions for anonymous access removed and these directories should only be accessible to individuals who have authenticated (using Integrated Windows authentication - recommended):

Related Pages

Topic Date of Last Change Summary
SqlProvider Friday, July 04, 2008 <Summary of bug fix>
FlexWikiAuthentication Sunday, February 17, 2008 describes authentication options for FlexWiki
MicrosoftSecurityRSS Thursday, January 10, 2008 Headlines from Microsoft Security RSS Feeds
WindowsAuthenticationExample Friday, September 21, 2007 An example of a Web.Config file that uses Windows authentication.
WindowsAuthentication Friday, September 21, 2007 Step-by-step process on how to setup Windows Authentication on individual namespaces
SecurityProposal Thursday, September 20, 2007 This page is the Wiki side of a TandemDiscussion going on on the FlexWiki mailing list.
ManageNamespace Wednesday, September 19, 2007 An authorized action that allows full control of a particular namespace, including the ability to read, edit, and lock topics. See FlexWikiAuthorization.
FormsAuthenticationCommand Tuesday, September 18, 2007 An example of a Web.Config file that uses Forms authentication (the most simple type of authentication of ASP.NET).
NoFollow Friday, September 14, 2007 An extension to HTML that search engines use to ignore potential LinkSpam.
WikiCaptcha Thursday, September 13, 2007 Documentation about FlexWiki support for Completely Automated Process to Tell Computers and Humans Apart (CAPTCHA).
ExamplePropertyPage Friday, August 31, 2007 A summary property will be displayed in the tooltips of any page in this wiki linking to this page. For example ExamplePropertyPage. Also used as HTML meta-tag in the header.
FlexWikiTransportSecurity Friday, August 31, 2007 FlexWiki has the ability to require that content is served via HTTPS.
FlexWikiAuthorization Friday, August 31, 2007 Description of the new authorization features in FlexWiki 2.0.
Object reference not set to an instance of an object.