How to secure my Sitecore Controller Action (MVC) only to Sitecore Logged in Users?

Question

I'm working in a Sitecore MVC application. I have written a Action methods to render Sitecore Item's meta info. The Action Method that I wrote in the Sitecore MVC Project is getting deployed to both CM and CD.

I want to restrict my Action method in CD Site and continue to use in the CM site.

Using: Sitecore 7.5, MVC4

Answer 1

dnstommy is almost there - just slight change to his implementation will get you there. The HttpPost attribute is not required.

public ActionResult MetaData()
{
    if (Sitecore.Context.IsLoggedIn == false)
    {
        return new EmptyResult();
    }

    // build your model and return to the view
    return View();
}

Returning EmptyResult() is the same as rendering an empty string on the view, so it will be as if the rendering does not exist on the page.

If you wanted to further lock things down to a specific role, you can use Sitecore.Context.User.IsInRole("ROLE NAME") to check that.

A note about the Sitecore.Context.ContentDatabase - this is set to master if you are in the shell website. That is, if you are in the content editor.

If you are viewing the site on the CM server, or previewing the site, the SiteContext will be your website definition, and if you have set the content property it will be enabled, otherwise it will be null. So it is not a safe check to see if you are on the CM server.