Remove Dashboard access

Topics: Administration
Mar 6, 2015 at 4:23 PM

I'm wondering if it's possible to remove the dashboard altogether from Orchard. I understand that the point of having a CMS is using the Dashboard to manage the content, but we don't like the fact that the admin menu is accessible from the Internet and we would like to remove this possibility.

The setting we were thinking about is something like this:
  • An Orchard instance on a server in our infra not accessible from the Internet with a Dashboard available. Another Orchard on our Internet server without any Dashboard available.
  • We were thinking both of them linked on the same DB. We are also considering having 2 different DB instances and having an external process to publish over the data from one server to another.
We haven't yet started any development for that and are still analyzing. I would like to get the community's advice on the feasibility of this setup and tips on how to achieve this if you have any idea.

Thx!
Mar 8, 2015 at 8:06 PM
Since Orchard's admin comes from all the modules you can't feasibly remove it, but you can prevent access to it by e.g.:
  • Removing the Access backend permission for every user role.
  • Implementing an action filter that checks for AdminFilter.IsApplied() (which means "Are we on the admin?") and does something if the result is true (e.g. changes the result to Unauthorized).
  • Have an IIS rewrite rule deny every request that goes to ~/Admin (which is not 100% OK as there are parts of the admin being under something else than that but this is mostly true).
The setup you envisage is suitable I think, i.e. having essentially a multi-node Orchard setup where one node is only serving the frontend and the other one only the backend (though keep in mind that a multi-node setup is non-trivial due to the various state data that needs to be shared). You could use option nr. 2 with an additional condition of "Are we on the frontend site?".
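
Option 2 from the reply above with the extra "Are we on the frontend site?" condition, as an added example that is not part of the original thread or Orchard's own code. It assumes Orchard 1.x, a custom module enabled on the node, and a hypothetical `AllowDashboard` appSettings key and module namespace; the node type is read from configuration so that a node with no setting denies the Dashboard by default.

```csharp
using System.Configuration;
using System.Web.Mvc;
using Orchard.Mvc.Filters;
using Orchard.UI.Admin;

// Hypothetical module namespace, used for illustration only.
namespace Contoso.FrontendLockdown.Filters {
    // Classes deriving from FilterProvider are picked up by Orchard as global MVC filters.
    public class DenyDashboardFilter : FilterProvider, IActionFilter {
        // Hypothetical appSettings key. Only the internal (backend) node sets it:
        //   <add key="AllowDashboard" value="true" />
        private const string AllowDashboardKey = "AllowDashboard";

        // Fail closed: a missing or malformed setting means "frontend node",
        // so a node deployed without the key never serves the Dashboard.
        private static bool DashboardAllowedOnThisNode() {
            bool allowed;
            return bool.TryParse(ConfigurationManager.AppSettings[AllowDashboardKey], out allowed)
                   && allowed;
        }

        public void OnActionExecuting(ActionExecutingContext filterContext) {
            if (DashboardAllowedOnThisNode()) {
                return; // backend node: leave Orchard's normal permission checks in charge
            }

            // AdminFilter marks the request during the authorization stage, which runs
            // before action filters, so the marker is already set when this code runs.
            if (!AdminFilter.IsApplied(filterContext.RequestContext)) {
                return; // ordinary frontend request
            }

            // Setting Result short-circuits the action. 404 is used instead of
            // Unauthorized because forms authentication turns a 401 into a redirect
            // to the login page.
            filterContext.Result = new HttpNotFoundResult();
        }

        public void OnActionExecuted(ActionExecutedContext filterContext) {
            // Nothing to do after the action.
        }
    }
}
```

The filter only covers requests that Orchard itself marks as admin, so the Access backend permission and network-level restrictions on the frontend node remain worth keeping alongside it.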
Mar 10, 2015 at 3:09 PM
Edited Mar 10, 2015 at 7:26 PM

Thx for your advice and the tips provided. I too believe that this setup is viable, but I'm wondering if anyone has achieved this yet. Our security dept won't let us go forward if the Admin is available on the Internet, so we are definitely going to want a multi-node setup. Any other thoughts from other users?