Orchard.Users - prevent users from logging in

Developer
Dec 9, 2010 at 11:02 PM

Hi

Is it possible to totally prevent users from logging into Orchard site? I haven't seen such setting, but I think it would be nic to have it. It would be useful in situations, when eg. you want to do some maintenance or have custom authentication module (via some sort of external SSO server, eg. CAS).

Cheers, Piotr

Coordinator
Dec 9, 2010 at 11:09 PM

You can remove the front-end permission from the anonymous role. That should take care of it.

Developer
Dec 10, 2010 at 12:33 PM
Edited Dec 10, 2010 at 12:36 PM

That didn't work:/ I removed the role permission, but /Users/Account/LogOn is still accessible after logout.

[EDIT] I turned the anonymous role permission off, but in grayed-out effective permissions column it is still on. It looks like an not-alterable default setting

I'm trying to make LogOn screen return 404 (or Access Denied or anything else) if users are not allowed to log in. Is there any other way or should I alter the Orchard.Users module (and contribute my changes) to make this possible?

 

Coordinator
Dec 10, 2010 at 4:31 PM

I'll look at the greyed out part, which my be a bug. For the other part about logon I had not understood that's what you wanted to do but I fail to see the logic in that: in order to determine if a user should have the rights to this or that, don't you have to let them identify themselves first?

Developer
Dec 10, 2010 at 4:45 PM

You're right, but the thing I want to achieve is to completely disable LogOn screen - no matter the user is authenticated or not. I thought about doing this by creating a boolean setting, but that would mean I have to alter the Orchard.Users module which I want to avoid. I don't want to disable Orchard.Users completely (I know it's not possible right now BTW), because my custom authentication module relies on it.

Coordinator
Dec 10, 2010 at 7:33 PM

Ah, you have completely custom auth? Well, can't you override the template as a workaround? Maybe override the routes?

Developer
Dec 10, 2010 at 7:58 PM

Yeah, I have completely custom auth module. The only connection with Orchard.Users is the nonexistent account provisioning stuff (just like Live <--> Codeplex).

But can I override a LogOn.cshtml in another module, or just themes have the possibility to do so? Override routes - ok, i'll try that and just redirect LogOn request to void and see if it works. I'm only wondering about route priorities - in what order do Orchard read the route definitions for modules?

Or maybe I can add such setting ("Allow users to log on.") to Orchard.Users module and contribute it as a patch (without workarounds)?

Coordinator
Dec 10, 2010 at 8:06 PM

Yes, you can override the routes that the Orchard.Users AccountController understands by declaring your own with a higher priority. And no, you're right, overriding the views can only be done by a theme (and you want to prevent the controller actions from being called anyway, not just hide the views).