0
votes

Can Orchard work with AD and Windows authentication? I need to allow only specific AD groups access to a blog. The rest of the site should be accessible to any valid domain user. The admin dashboard should only be accessible by another specific AD group.

[ update ]
At the suggestion of ViRuSTriNiTy, I tried the following:
- install the windowsauth module: http://gallery.orchardproject.net/Packages/Orchard.Module.AlexZh.WindowsAuthentication
- in the admin settings, I added a user for myself as "my-domain\my-user-name", where the domain name and user are mine.
- added a role to match an AD role that I am a member of and gave this role access to everything.
- switched the IIS settings over to use Windows auth, and turned off anonymous
- updated the web.config to use Windows auth and specify the role that I set up previously

However, I can't get to the admin panel now. What could I be missing?

[ update 2 ] After noticing the documentation link he provided (duh), I saw that I needed to enable Windows auth for the modules. So I enabled IIS anonymous again (so I could log in), and updated the settings for the modules, but I see no option under Settings\Users to enable Windows auth. Did it move? I'm using v1.10.2

1
Maybe you know this already but: You'd need to implement your own version of IMembershipService. There's an old plugin that does this for Dynamic CRM, we've taken that code and modified it successfully for our own needs years ago. So it's certainly possible to customize the authentication process. - Xceno

1 Answer

1
votes

You can use the module AlexZh.WindowsAuthentication.

Documentation: http://orchardwinauth.codeplex.com/documentation

First you need to change the Orchard.Web project properties (in Visual Studio, click on project + F4) to ...

Anonymous Authentication: Disabled
Windows Authentication: Enabled

... and then you need to change the Orchard.Web\Web.config to something like this

  <authentication mode="Windows">
    <forms loginUrl="~/Users/Account/AccessDenied" timeout="2880" />
  </authentication>
  <roleManager enabled="true" defaultProvider="AspNetWindowsTokenRoleProvider" />
  <authorization>
    <allow roles="YourDomain\Domain Users" />
    <deny users="?" />
  </authorization>

The permissions can be configured as usual based on Orchard roles.

I've been using this module for 2 years now and I'm pretty happy with it, but be aware that the module has several bugs:

  • it might cause a deadlock, see https://github.com/OrchardCMS/Orchard/issues/7688
  • it creates a new user when the logged-in domain user cannot be found in the Orchard DB; you might want to alter the class CustomAuthenticationService to avoid this (I can provide some code if you need it)
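
An added example (not part of the original answer or the module's code): a Python sketch that evaluates the `<authorization>` rules from the Web.config fragment above in first-match order, the way ASP.NET URL authorization does. It assumes the fragment sits inside `<system.web>` and that the inherited machine-level default `<allow users="*" />` applies when no rule matches; `load_rules`, `decide`, `audit` and the sample accounts are hypothetical names.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the answer's fragment wrapped in <system.web> so it parses.
SAMPLE = r"""<configuration><system.web>
  <authentication mode="Windows">
    <forms loginUrl="~/Users/Account/AccessDenied" timeout="2880" />
  </authentication>
  <roleManager enabled="true" defaultProvider="AspNetWindowsTokenRoleProvider" />
  <authorization>
    <allow roles="YourDomain\Domain Users" />
    <deny users="?" />
  </authorization>
</system.web></configuration>"""

def _split(value):
    """Split a comma-separated users/roles attribute, lower-cased."""
    return [s.strip().lower() for s in (value or "").split(",") if s.strip()]

def load_rules(xml_text):
    """Return (authentication mode, ordered [(action, users, roles)])."""
    web = ET.fromstring(xml_text).find("system.web")
    mode = web.find("authentication").get("mode")
    rules = [(el.tag, _split(el.get("users")), _split(el.get("roles")))
             for el in web.find("authorization")]
    return mode, rules

def decide(rules, user=None, roles=()):
    """First matching rule wins; user=None models an anonymous request."""
    have = {r.lower() for r in roles}
    for action, users, wanted in rules:
        if ("*" in users
                or ("?" in users and user is None)
                or (user is not None and user.lower() in users)
                or have & set(wanted)):
            return action
    # Assumption: nothing matched, so the inherited <allow users="*" /> applies.
    return "allow"

def audit(xml_text):
    """Findings a reviewer would flag before relying on this config."""
    mode, rules = load_rules(xml_text)
    findings = []
    if mode != "Windows":
        findings.append("authentication mode is not Windows")
    if decide(rules, user=None) != "deny":
        findings.append("anonymous requests are not denied")
    if decide(rules, user=r"YourDomain\outsider") != "deny":
        findings.append("authenticated users outside the allowed roles are still admitted")
    return findings
```

Run on the sample, `audit` reports only the last finding: `<allow roles=...>` followed by `<deny users="?" />` admits every authenticated Windows user. Limiting the site to the named group would need a trailing `<deny users="*" />`.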