Documentation Center

Content Manager client security

Content Manager clients connect to the Content Manager server through the Core Service, Core Service REST, IIS, or WebDAV to enable the creation or modification of Content Manager items. This section describes the right and privileges required by these clients.

The following image shows the clients of the Content Manager system:

The various clients have the different security considerations, as follows:

ClientDescriptionSecurity considerations
Classic user interfaceA browser-based user interface that runs as an ASP.NET web service in IIS (including a number of DLLs) and a number of JavaScript, CSS, XML and other files
Includes:
  • Content Manager Explorer
  • Experience Manager
  • Other browser-based Content Manager clients, such as Translation Manager
  • Access to Content Manager data is through communication with the WCF Core Service API.
  • Access is made by impersonating on the Content Manager level, not on the Windows level.
  • Authentication is through Access Management (preferred) or another supported authentication method.
  • You cannot have both Basic and Windows authentication enabled at the same time.
  • The web service runs under the Application Pool account, which by default is set up to use the NETWORK SERVICE account.
Experience Space user interfaceA browser-based user interface that runs as ASP.NET web service in IIS and a number of JavaScript, CSS, JSON and other files
  • Access to Content Manager data is through communication with the Core Service.REST API.
  • Authentication is through Access Management
  • The web service runs under the Application Pool account, which by default is set up to use the NETWORK SERVICE account.
  • Further security can be achieved through SSL/TLS .
Dreamweaver TemplatingWebDAV Connector for Adobe Dreamweaver and WebDAV Server that integrates with ASP.NET and uses Content Manager directlyBecause authentication is through IIS, using SSL/TLS is one way to secure this connection.
Content PorterA Windows desktop client that communicates directly with Content Manager
  • Access to Content Manager data is through communication with the WCF Core Service API.
  • Authentication is through Access Management (preferred) or another supported authentication method.
Microsoft Visual Studio.NET assembly templating through the TOM.NET APIBecause it communicates with the TOM.NET API and does not use external resources, security is already handled by .NET itself.
TcmUploadAssembly.exeA command-line tool that communicates directly with Content Manager
  • Access to Content Manager data is through communication with the WCF Core Service API.
  • Authentication is through Access Management (preferred) or another supported authentication method.
Template BuilderA Windows desktop client that communicates directly with Content Manager and uses Compound Template web service (hosted in IIS) for debugging templates
  • Access to Content Manager data is through communication with the WCF Core Service API.
  • Authentication is through Access Management (preferred) or another supported authentication method.
Visio Workflow DesignerA plug-in for Microsoft Visio that runs on a Windows client machine and communicates with WFListener web service (hosted in IIS) on the Content Manager server
  • Access to Content Manager data is through communication with the WCF Core Service API.
  • Authentication is through Access Management (preferred) or another supported authentication method.
WebDAV clientThe Windows file system-based interface to the Content Manager that integrates through the WebDAV Connector with ASP.NET and uses Content Manager directly Because authentication is done through IIS, using SSL/TLS is one way to secure this connection.