XmlRpc not available when "Access site front-end" removed for anonymous

Topics: Core
Feb 21, 2012 at 1:41 PM

We are planning to use orchard as a private site (only available for registered users).

We can remove any access by removing the right "access site front-end" for anonymous role.

But, we also use live writer to publish content remotely (and for non technical users, live writer outperform any online editor).

Our problem is that when we remove the right for anonymous roles, it also removes /XmlRpc access, which is mandatory for live writer.

Could we allow specific controllers/action to be ignored by the "AccessFrontEnd" right ? or it is hard written ?

Note: it seems that ignored actions are hard coded in AccessFrontEndFilter on Orchard.Users. Perhaps an enhancement could be to add a new Filter/Attribute which allow specific controllers/actions to be ignored by this filter ? Or, in a more short-term view, add XmlRpc in ignored actions ?

Feb 21, 2012 at 2:49 PM

I guess the XmlRpc routes just need to be exempt from the access front end permission, since they perform their own custom user validation. File a workitem for this.

Feb 21, 2012 at 2:52 PM

Done : http://orchard.codeplex.com/workitem/18455