Secure Resources

Topics: General
Apr 5, 2011 at 1:35 PM


I'm trying to resolve a common scenario, it may be my lack of understanding of Orchard.

Scenario: There is page called "Download" (, the link is present in the home page, but I want the user to either register/login or login before accessing the page.

I can see this thing working on the Orchard Gallery on the contribute page (, if I click "Get Started" button or Manage my contributions link, it gets divered to the login page.

I tried few options like creating a layer called "DownloadLayer" and setting the rule to "authenticated", but that doesn't get me the result I want. Instead the zones were displayed after a user logs in.

Any help appreciated.

Apr 5, 2011 at 2:05 PM

In the users / roles setup you can assign permissions for different content types.

So you need to create a content type called "Download Page" (with CommonPart, RoutePart, and maybe ContainerPart if you want it to be a list of downloads); then you can remove the Anomymous permission for viewing that item.


Apr 5, 2011 at 2:24 PM

Thanks for the quick reply.

But I couldn't get it working, I created a sample contenttype called video, and when I edited "Anonymous" role, for Video it gave me the following options. Not sure which one you are referring to.

Permission Allow Effective
Publish or unpublish Video for others <input name="Checkbox.Publish_Video" type="checkbox" value="true" /> <input disabled="disabled" name="Effective.Publish_Video" type="checkbox" />
Publish or unpublish Video <input name="Checkbox.PublishOwn_Video" type="checkbox" value="true" /> <input disabled="disabled" name="Effective.PublishOwn_Video" type="checkbox" />
Edit Video for others <input name="Checkbox.Edit_Video" type="checkbox" value="true" /> <input disabled="disabled" name="Effective.Edit_Video" type="checkbox" />
Edit Video <input name="Checkbox.EditOwn_Video" type="checkbox" value="true" /> <input disabled="disabled" name="Effective.EditOwn_Video" type="checkbox" />
Delete Video for others <input name="Checkbox.Delete_Video" type="checkbox" value="true" /> <input disabled="disabled" name="Effective.Delete_Video" type="checkbox" />

Delete Video

Apr 5, 2011 at 3:00 PM

Hmm... you're right, there's no basic "View {content}" permission.

I'm working on an "Enhanced Permissions" module (among other things) that adds a bunch of granular security to the content system and elsewhere so I'll look at including this.

The way the gallery project will work then is with an Authorize attribute on the controller action responsible for those pages.

So for your purposes you'll need to create your own controller and routing for your Downloads page and apply permission at the action level.

You can download the source of the Gallery project from Codeplex if you want to dig thru and see how it works.

Apr 5, 2011 at 3:04 PM

There must be an easy way, as I mentioned in the original post, all I'm after is something that's working on the showcase site. Just someone needs to tell me how to do it.

Apr 5, 2011 at 3:21 PM

Using a Controller is the easy way. You can look at the sourcecode of the showcase site and see for yourself how they did it:

I had a quick look at whether I'd be able to implement this permission in Roles but there appear to be limitations currently preventing this. I'm posting a workitem regarding this so we could eventually see it happen; until then you'll simply have to use a Controller. It's not so hard anyway ;)

Apr 5, 2011 at 3:38 PM

Workitem created if you want to track progress on this;