Using Authentication/Authorization Question

Feb 13, 2011 at 6:31 PM

I suppose I can use Orchard's Authentication & Authorization in my own .NET web app? Were can I find more info on this topic?


Feb 14, 2011 at 1:23 AM


I think there's little or no information about this atm in the documentation, but yes - this is achievable. Do you want to build your app on Orchard (recommended) or just user the Orchard.Framework as a library in your ASP.NET MVC app? The latter means a lot of work to make authentication/autorization work, as you would need to provide your own implementation of appropriate interfaces (IAuthenticationService, IAuthorizationService and so on) so I'd recommend the first one.

Please give more insight on what you want to achieve - I'll do my best to help.

Cheers, Piotr

Feb 14, 2011 at 1:38 AM

BTW - I'm planning to write an article on my blog about custom authentication/authorization in a nearest future (as it's a thing I've been working on lately). So if you're interested I'd recommend checking it out:) I'll post an info on Twitter (@pszmyd) when it'll be ready.

Cheers, Piotr

Feb 14, 2011 at 6:21 AM
Edited Feb 14, 2011 at 6:27 AM

I'm developing a web application consisting of an admin part for consumers and for merchants. I was thinking of developing the UI in Silverlight or in pure html/javascript/ajax/jquery and libraries (eg jquery UI, jQuery templates) (no webforms). I have a domain layer POCO's/infrastructure layer using Entity Framework 4, wcf service layer as entry point to my app and a SQL Server db. I was thinking of integrating the UI's of the app (admin parts) in Orchard because I additionally need some form of CMS for providing general information to the public.

- If I'm correct I should develop Orchard modules for integrating these admin parts or ...? 
- Can I use the mentioned approach: Silverlight or pure html, ajax ... for UI/presentation layer with domain POCO's, repositories entity framework 4, WCF services (vecause an Orchard module is developed using MVC 3 approach)?
- I would like using the Authentication/Authorization provided by Orchard (so that the admin parts can only be accessed by authorized persons and are provided with the correct info - every consumer/merchant has its own information.



Feb 14, 2011 at 1:27 PM
Edited Feb 14, 2011 at 1:28 PM


I'll write an blog article about such cases soon, but as a quick answer:

  1. Use modules, yes - it's clearly the best and recommended way to do that
  2. UI - basically you can create your UI in anything you want (Sliverlight, pure HTML, HTML+Ajax and so on) - just put the necessary markup in corresponding .cshml shapes
  3. EF4, WCF, custom repositories. You can create your own repositories by implementing IRepository<YourPartRecord> type and placing the CRUD code yourself inside (using eg. EF4). WCF - yes, you can host/use WCF services without a problem. Hosting WCF services in Orchard can be tricky in one situation - when you want to utilize IoC (DI) container to inject dependencies to your service class.
  4. Authentication/Authorization - you can stick with the Orchard authentication and role-based authorization. You can create your own permissions, modify the users data (eg. add some more profile fields) and so on.

In general, Orchard is an ASP.NET MVC app, so everything you can do in ASP.NET MVC you can do in Orchard too. You can eg. create your module and use just the ordinary controllers, actions and views without touching the content part/content items stuff (but why?;) In the terms of ASP.NET MVC a module is just a Zone with some special handling (dynamic loading and so on).

Cheers, Piotr

Mar 14, 2011 at 7:06 AM
Edited Mar 14, 2011 at 7:06 AM

Already some more info available???
I'm developing one module that integrates with Orchard (that can use Orchard's authorization/authentication out-of-the-box (i suppose)?
A second mobile-web-app will not be integrated with Orchard but should use the users/roles (authorization/authentication) already available in the Orchard DB. Especially for this case where should I start to achieve this?