Restricting Access to Cloud Pages in Salesforce Marketing Cloud

Cloud Pages are a powerful tool in Salesforce Marketing Cloud (SFMC) for delivering marketing content to customers across various channels. One common use case is redirecting subscribers to a Cloud Page from a call-to-action (CTA) button or link in an email. However, there are scenarios where you may need to restrict access to Cloud Pages, such as for internal campaigns or confidential information. In this blog post, we'll explore different methods to restrict access and ensure that the right users can view the content they need.


Personalized Content

When dealing with personalized content, you can easily hide unnecessary elements using AMPscript. Note that this only hides the elements with CSS: the content is still sent to the browser and remains visible in the source code of the Cloud Page. Here's an example of how to implement this:

%%[
    /* Declare variables */
    var @Display, @rowCount, @rows, @CredentialDisplay, @Email, @Password

    /* Get the credentials posted to the page and encrypt them.
       DES in ECB mode is deterministic, so equal inputs produce equal
       ciphertexts that can be matched in the lookup below. It is also a weak,
       reversible cipher, and the key is hard-coded in this page. */
    set @Email = EncryptSymmetric(RequestParameter("Email"), "des;mode=ecb;padding=zeros", @null, "0x7FEBCBCBCB9BCB01", @null, @null, @null, @null)
    set @Password = EncryptSymmetric(RequestParameter("Password"), "des;mode=ecb;padding=zeros", @null, "0x7FEBCBCBCB9BCB01", @null, @null, @null, @null)

    /* Two variables control what is shown:
       @Display controls the display of confidential blocks,
       @CredentialDisplay controls the display of the login div. */

    /* Display the login div by default */
    set @CredentialDisplay = ""

    /* Don't display confidential data by default */
    set @Display = "None"

    /* Look up the rows in the DE that match the encrypted data */
    set @rows = LookupRows("Authenticator", "Email", @Email, "Password", @Password)
    set @rowCount = RowCount(@rows)

    /* If the credentials matched, display the confidential data and hide the login div */
    IF @rowCount == 1 THEN
        set @Display = ""
        set @CredentialDisplay = "None"
    ENDIF

    /* Make sure confidential data is not displayed when no row in the DE
       matches the encrypted data */
    IF @rowCount != 1 THEN
        set @Display = "None"
    ENDIF
]%%

<div style="display:%%=v(@CredentialDisplay)=%%;">
  <h1>Please login to view this info</h1>
  <form action="?" method="post">
    <label for="email">Email: </label>
    <input type="text" id="email" name="Email">
    <br>
    <br>
    <label for="password">Password: </label>
    <input type="password" id="password" name="Password">
    <br>
    <br>
    <input type="submit" value="Login">
  </form>
</div>
<div style="display:%%=v(@Display)=%%;">
  <h1>personalized information goes here</h1>
</div>

In the above code, we use AMPscript to handle the login process. When a user navigates to the page, they are required to log in to view personalized content. Whether each block is displayed depends on whether the user's credentials match a row in the Authenticator data extension.


[Screenshot: the page before logging in]

[Screenshot: the page after logging in]

Confidential Data:

If you're dealing with confidential information, a similar approach can be applied. However, instead of relying on AMPscript alone, we'll use Server-Side JavaScript (SSJS) to ensure that data is written to the Cloud Page only when the user authenticates. Here's an example of the modified code:


%%[
    /* Declare variables */
    var @Display, @rowCount, @rows, @CredentialDisplay, @Email, @Password

    /* Get the credentials posted to the page and encrypt them */
    set @Email = EncryptSymmetric(RequestParameter("Email"), "des;mode=ecb;padding=zeros", @null, "0x7FEBCBCBCB9BCB01", @null, @null, @null, @null)
    set @Password = EncryptSymmetric(RequestParameter("Password"), "des;mode=ecb;padding=zeros", @null, "0x7FEBCBCBCB9BCB01", @null, @null, @null, @null)

    /* Two variables control what is shown:
       @Display controls the display of confidential blocks,
       @CredentialDisplay controls the display of the login div. */

    /* Display the login div by default */
    set @CredentialDisplay = ""

    /* Don't display confidential data by default */
    set @Display = "None"

    /* Look up the rows in the DE that match the encrypted data */
    set @rows = LookupRows("Authenticator", "Email", @Email, "Password", @Password)
    set @rowCount = RowCount(@rows)

    /* If the credentials matched, display the confidential data and hide the login div */
    IF @rowCount == 1 THEN
        set @Display = ""
        set @CredentialDisplay = "None"
    ENDIF

    /* Make sure confidential data is not displayed when the row count
       in the DE matching the encrypted data is zero */
    IF @rowCount != 1 THEN
        set @Display = "None"
    ENDIF
]%%

<script runat="server">
  Platform.Load("Core","1.1.1");
  try{
    // Get the display flags set by the AMPscript block above
    var CredentialDisplay = Variable.GetValue("@CredentialDisplay");
    var Display = Variable.GetValue("@Display");

    // Write the login section only when the user has not authenticated
    if(CredentialDisplay != "None") {
      Write("<div><form action=\"?\" method=\"post\"><label for=\"email\">Email: </label> <input type=\"text\" id=\"email\" name=\"Email\"><br><br><label for=\"password\">Password: </label><input type=\"password\" id=\"password\" name=\"Password\"> <br> <br>      <input type=\"submit\" value=\"Login\">  </form>  </div>");
    }

    // Write the confidential information only after a successful login
    if(Display != "None") {
      Write("<div><h1>confidential information goes here</h1></div>");
    }
  }
  catch(e){
    Write(Stringify(e));
  }
  //End catch
</script>

In the above code, we combine AMPscript and SSJS to handle authentication and display confidential information accordingly. The login section is displayed only when the user hasn't authenticated yet, and the confidential information is shown once authentication is successful.


Restricting access via IP address:

In some cases, you may want to restrict Cloud Page access based on IP addresses, allowing only specific locations or networks to access the content. Here's a high-level overview of how you can implement this:

  • Create a data extension to store the allowed IP addresses.
  • Retrieve the IP address of the customer accessing the Cloud Page using var ip = Platform.Request.ClientIP();
  • Compare the customer's IP address with the list of allowed IP addresses stored in the data extension.
  • Based on the comparison, restrict access partially or entirely using conditional statements.
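
The comparison step from the list above, as an added example that is not code from the original post: the allowlist check written as plain JavaScript in the older syntax SSJS accepts, denying access by default. The function names, the sample addresses and the support for CIDR ranges (which goes beyond the exact-match comparison described above) are assumptions, and only IPv4 is handled.

```javascript
// Added example: allowlist logic only. In a Cloud Page, clientIp would come from
// Platform.Request.ClientIP() and allowlist from the data extension's rows.

// Parse a dotted-quad IPv4 string into a number; return null if malformed.
function parseIPv4(text) {
  if (typeof text !== "string") { return null; }
  var parts = text.split(".");
  if (parts.length !== 4) { return null; }
  var value = 0;
  for (var i = 0; i < 4; i++) {
    if (!/^\d{1,3}$/.test(parts[i])) { return null; }
    var octet = parseInt(parts[i], 10);
    if (octet > 255) { return null; }
    value = value * 256 + octet;
  }
  return value;
}

// True if ip (a number) matches one entry: "a.b.c.d" or CIDR "a.b.c.d/n".
function matchesEntry(ip, entry) {
  var slash = entry.indexOf("/");
  var base = parseIPv4(slash === -1 ? entry : entry.substring(0, slash));
  if (base === null) { return false; }
  var bits = 32;
  if (slash !== -1) {
    var suffix = entry.substring(slash + 1);
    if (!/^\d{1,2}$/.test(suffix)) { return false; }
    bits = parseInt(suffix, 10);
    if (bits > 32) { return false; }
  }
  // Compare only the network part by dividing away the host bits.
  var divisor = Math.pow(2, 32 - bits);
  return Math.floor(ip / divisor) === Math.floor(base / divisor);
}

// Default deny: a malformed client IP or an empty list never grants access.
function isAllowedIp(clientIp, allowlist) {
  var ip = parseIPv4(clientIp);
  if (ip === null || !allowlist) { return false; }
  for (var i = 0; i < allowlist.length; i++) {
    if (typeof allowlist[i] === "string" && matchesEntry(ip, allowlist[i])) {
      return true;
    }
  }
  return false;
}

// Constructed sample allowlist (documentation address ranges).
var SAMPLE_ALLOWLIST = ["203.0.113.10", "198.51.100.0/24"];
```

Because anything that fails to parse is denied, an IPv6 client address or a malformed row in the data extension blocks access rather than granting it.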

The request object exposes a lot of other information that you can use to further customize the customer's experience. The complete details are at the link below:


Restricting access to Cloud Pages in Salesforce Marketing Cloud is essential to ensure that the right users can access the appropriate content. By using AMPscript, SSJS, and IP address restrictions, you can control who can view personalized content and confidential information, or restrict access based on location. Remember to prioritize the security of confidential data and explore other security options provided by SFMC to ensure a robust access control mechanism.

For more detailed information and documentation, refer to the official Salesforce Marketing Cloud resources.
