Dev GuideAPI Reference
Dev GuideAPI ReferenceUser GuideGitHubNuGetDev CommunitySubmit a ticketLog In
GitHubNuGetDev CommunitySubmit a ticket

Restrict access to the Admin Console

Describes how to restrict access the Admin Console in Configured Commerce.



Currently this is an option only in the cloud environment.

Access to the Admin Console can be disabled for any website within its environment. Consider the following scenario: My environment has 6 web servers, 3 of them are exposed to the public and 3 are internal facing. I only want to allow people to access to the Admin Console features for the 3 web servers that are on an internal network. The other 3 external web servers need to be locked down for security reasons and therefore, I do not want people access the Admin Console.

To facilitate this behavior, the DisableAdminAccess appSetting (web.config) needs to be set to "true". When set to a value of "true" the Admin Console, CMS shell, and the admin api's will be disabled and return error messages if someone attempts to use them.

Blocking /admin on the public domain will disable impersonation of users via the admin console. We do not block sub domain integration URLs.


  • ~ /admin can be blocked.
  • ~ /admin cannot be blocked.
  • ~ /admin can be blocked.
  • ~ /admin cannot be blocked.