Best way to use Roles when overriding IMembershipService and IAuthenticationService

Topics: Writing modules
Jun 27, 2011 at 4:45 PM

I'm trying to integrate Orchard into a fairly complex pre-existing backend, in which I need to use an existing account database for authentication. As a result, I've successfully overridden IAuthenticationService and IMembershipService, and the various routes for logging in, logging out, registering, etc. So far so good.

But I'm running into some problems with handling authorization. Specifically, it seems like a number of different modules depend on the built-in Orchard.Roles module, including writing their own permissions into the table Orchard_Roles_RolesPermissionsRecord (i.e. "EditBlogPost", "ManageWidgets", etc.). As a result, in order to keep compatibility with these and other modules, I thought I should try to use the existing Orchard.Roles module for the IAuthorizationService implementation. But I'm having a hard time getting Orchard.Roles to pick up the roles assigned to the various users in the table Orchard_Roles_UserRolesPartRecord.  (In other words, "context.User.As<IUserRoles>().Roles" is empty, even when the table Orchard_Roles_UserRolesPartRecord has "Admin" listed for the user in question.)  I suspect that this is because I'm not using the ContentManager to load the users (since they're sourced in a different database), but I guess I'm not sure.

At the moment, at least, I don't need anything nearly so complex as the whole Orchard.Roles implementation - just a bare list of, "These users are admins, and can do anything they want with the site." So I could implement my own IAuthorizationService and IAuthorizer (not sure why there are two, but I guess I could figure that out), just complex enough to meet my needs. But I'm not sure what I'd be giving up by doing so. 

At any rate, I'm interested in hearing how other folks have solved this problem. Is there an easy way to use the existing Orchard.Roles module with my own implementation of IAuthenticationService and IMembershipService? Or do I need to write my own IAuthorizationService as well? And perhaps my own IRoleService as well? Thoughts or best practices?

Jun 27, 2011 at 7:59 PM

Well, you can probably either provide your own implementation of IRoleService, or implement IAuthorizer to go directly against your own permission logic. Does this help?