Remove addon on decoupled setup

[jonasboman]

Hi Mark. is it possible to prevent access to this addon and/or Robots? For security i guess it can be acchieved be deleting the folder under modules/_Protected; would this be the best way to do that?

[GeekInTheNorth]

Hi @jonasboman

You can change the access to both modules by providing an authentication policy in startup.cs for this very reason. You don't need to delete the modules folder at all.

services.AddStottSecurity(cspSetupOptions =>
{
    cspSetupOptions.ConnectionStringName = "EPiServerDB";
},
authorizationOptions => 
{
    authorizationOptions.AddPolicy(CspConstants.AuthorizationPolicy, policy =>
    {
        // Add this line if you are using Opti Id
        policy.AddAuthenticationSchemes(OptimizelyIdentityDefaults.SchemeName);

        // Set your authorisation policy here to change who can access the security module
        policy.RequireRole("SecurityAdmin");
    });
});

services.AddRobotsHandler(authorizationOptions => 
{
    authorizationOptions.AddPolicy(RobotsConstants.AuthorizationPolicy, policy =>
    {
        // Add this line if you are using Opti Id
        policy.AddAuthenticationSchemes(OptimizelyIdentityDefaults.SchemeName);

        // Set your authorisation policy here to change who can access the robots module
        policy.RequireRole("RobotsAdmin");
    });
});