We are planning to use orchard as a private site (only available for registered users).
We can remove any access by removing the right "access site front-end" for anonymous role.
But, we also use live writer to publish content remotely (and for non technical users, live writer outperform any online editor).
Our problem is that when we remove the right for anonymous roles, it also removes /XmlRpc access, which is mandatory for live writer.
Could we allow specific controllers/action to be ignored by the "AccessFrontEnd" right ? or it is hard written ?
Note: it seems that ignored actions are hard coded in AccessFrontEndFilter on Orchard.Users. Perhaps an enhancement could be to add a new Filter/Attribute which allow specific controllers/actions to be ignored by this filter ? Or, in a more short-term
view, add XmlRpc in ignored actions ?