I am building a new MVC website with security managed by a default membership provider. The site will use Umbraco 7 for its structure and a certain amount of content editing but the core of the site will be a bespoke ASP.NET MVC application with its own users and business rules around user accounts.
Umbraco has its own membership provider. Certain users in my site will also be content editors in Umbraco, but I don't want them to have to login to Umbraco separately. Is this possible? I should point out I don't want to use Umbraco to manage the bulk of my site's users who will have nothing to do with content editing.
I've read a lot about extending the UmbracoDefaultProvider, but this always presupposes that all user accounts are being managed by the Umbraco back office.
Any guidance appreciated.
Edit:
Having analysed this a bit further (I'm still pretty new to Umbraco) I'm asking if it's possible to link member types with user roles, so an authenticated member can access the Umbraco back office and edit content. In my proposed system I'll have people who have a role in the main website (Umbraco 'members') who will also be responsible for content editing (Umbraco 'users'). Seems silly that they have to log in separately for each of these responsibilities but from research it seems to be impossible. Would be grateful if anybody could confirm.
As Umbraco has it's own UI for managing the contents, its so unlikely to provide a separate place for some users that they want to change the contents as well.
You can develop a custom control panel interact with Umbraco separately for specific types of users but its just a duplication of some features of Umbraco backoffice.
Related
I´m currently developing the Intranet for the company I am working for. The site is currently based on SharePoint, but I have to migrate it to Wordpress. And that´s my first developer experience with Wordpress, you just should know. Creating the theme, content and working with the WP Admin area works very well, but where I´m feeling defenseless is the permissions topic.
Generally, the whole page content is managed by the Marketing department. So, for me it is ok that they have access to WP Admin and I would use one of the predefined roles available.
But there will be also an area for the departments where specified users per department should be able to
edit the pre created page content
add subpages and edit its content (it would be nice if it can be defined which page templates can be selected by the user)
add posts for a pre created category (that should not be changeable by the user)
edit its profile and password
A whole access to WP Admin should be therefore prevented.
I read much information about roles, capabilities and reviewed forums and blogs presenting potential plugins. But to be honest, I´ve lost the overview and I´m totally scared about what´s the right way to do such like this the professional way.
Is there anybody who was already in such a situation or knows a good resource where to read more?
Thanks a lot.
John
PressPermit is the tool I choosed. It covers all needs described in my question.
Note: To use all features, you need to buy a support subscription currently available for $55 a year for one site.
However, a very powerful tool and in comparison to Advanced Access Manager I tried before, it really supports permissions also for multiple roles.
If you are thinking about, use the screencasts to see if the tool cover your needs. Unfortunately, there is no trial available, but you can request an evolution wordpress installation which was setup within one day in my case. This service costs $5.
We are planning to create an asp.net website (probably mvc), that needs a cms for news items.
Our content managers and others who require to publish news have asked if they can use wordpress for content management.
Our users have different roles, and news items should be visible to certain roles, or even specific users if possible.
The reason they want wordpress is the manager's user friendliness, so if some other alternative with the same kind of user experience would be ok.
Could anyone please point me in some direction?
NOTE: I'm still doing research at the moment, so I've got nothing holding me back at this point.
There is an API plugin that has been developed to spit out information in JSON, but I have not actually implemented a site with it:
http://wordpress.org/extend/plugins/json-api/
Perhaps you could have the authors work on a wordpress install and create your app to draw content via that plugin?
I too was facing the same issue, little different. We want to have WP as CMS so that our site can take the benefit of SEO which is very easy with WP. SO we installed WP under a folder in the Main ASP.net based website. Initially there were issues, I was unable to run it. Finally managed to run it. Solution is posted here - http://www.wwwlabz.com/how-to-run-a-php-based-website-from-a-subfolder-in-asp-net-website. Hope it will help someone. Actual site where we implemented this is http://www.periproperties.com/content/.
Now I want to have specific section of WP to be accessible on my site. SO I am exploring different options and will post, if found something
Thanks.
DotNetNuke is the most popular ASP.NET based CMS (source). I am implementing my first project in it and so far I am very happy with it.
Note the free edition will not work for you since you need customizable security roles and free has a limited set of predetermined roles. You'll need the pro edition.
I don't know how similar it is to WordPress. Overall, WordPress is much more popular but of course there are platform issues with WordPress since it is Apache based and you want to create an ASP.NET website.
I am developing a new version of my content management system / shopping cart to utilise forms authentication, in conjunction with membership and role providers.
Previously I had implemented two separate authentication schemes, one for admins through an admin panel, the other for front end users of the website through a "my account" area.
The benefit of this meant that administrators could log in, but still have access to edit the un-authenticated front end areas of the website. If they needed to change content in the "my account" areas, they could then easily log in to a front end user account, and make changes to the content, while still being logged in as an admin.
The problem I am facing with forms authentication is, once logged in, I still need my admins to be able to access the logged out front end areas of the website e.g. "my account" login page.
I am sure this could be achieved in a dirty way by allowing admins to access these areas still, however I want to avoid this as it can become unmanageable.
Anyone come across a requirement like this using forms authentication / asp.net membership. I really cant see how it could work. As the software will be used to create complex websites with different content for different "my account" users, that the admins need to manage, its somewhat of a limitation of the asp.net membership / forms auth model.
I'm not sure I really follow what your problem is. Why not just let Administrators access all screens, including not logged in screens? You just add the Administrators group to the allow list for the page.
I have to build a site that receives some custom report from my users and store them in a database. The users are able to view their reports and the department administrator comments on it. I was creating this myself using PHP although it was good but it's full of security holes and I get lost after a while when my code grows bigger.
I think if there is a module for drupal or wordpess that can benefit from grouping my users into separate groups that would be much easier.
Does anyone know if there is such plugin or would you recommend me some keywords to search with.
Thanx in advance
Sounds like Drupal would be a good fit for this. There would be (at least) two roles (one for regular users and one for administrators), and there would be a 'report' content type. Regular users would be able to upload reports and view their own reports and administrators would be able to comment on reports.
Drupal + CCK (and possibly the FileField module if users are uploading document files) would be able to handle all of this pretty easily.
Drupal with the CCK & FileField modules would work great (as Mike mentioned). Two roles would suffice (admin & regular user).
As for security, make sure to use the latest versions in Drupal 6 & stay on top of when those 2 modules get updated although Drupal makes it super easy for you through site notification. Along the lines of security, you'd want to 'hide' the login box from the homepage & use www.sitename.com/user for your users to login.
Super simple question from an ASP newb: I've got an internal-only ASP.NET website I'm working on that uses Windows integrated auth across the board. There are essentially three roles I want to associate with the site: user, manager, and admin. The site is open to the entire org, so anyone who is authenticated is a user, unless they are a manager or an admin.
The list of admins and managers needs to be in a database, not in the web.config. The role information for this site is not in any way associated with what can be learned from a user's AD profile.
I've been picking up ASP.NET pretty quickly and I'm definitely capable of researching the correct solution, but I was hoping someone could start me down the right road here. What's the best way to get this done? I imagine it involves using a role provider on top of the integrated auth, but before I started researching a million options and possibly picked the wrong one, I thought I'd ask here.
Thanks!
I had to do this also and I used the below blog entry from Scott Guthrie to get me going....
http://weblogs.asp.net/scottgu/pages/Recipe_3A00_-Implementing-Role_2D00_Based-Security-with-ASP.NET-2.0-using-Windows-Authentication-and-SQL-Server.aspx
Worked great for me.
I didn't create a new provider or anything. Scott's blog post lays it out nicely. Although it is quite a hack but got me going quickly and did the trick.
With this trick you can use windows auth with DB based roles.
You could use MembershipProvider using ActiveDirectory Info here