Password protection.

[13Groszy]

Hello guys, I came in with unique question.

Is there any way an Orchard website can be secured with the password?
My goal is to set-up a member login page where they will type in only a password and if they do, they'll be able to see the content until session storage expire (or cookie, whatever).

• Idea of using JavaScript on the front-end and navigate back to member login page doesn't work as you can still bypass it easily.
• Idea of creating the one "Authenticated" user where everyone would login as one user works fine, but if few users hit wrong password, this user is blocked for certain amount of time. Even if I reduce the calls to 50 wrong attempts and reduce block time to 1 second, small DDOS attack can block the access and I'd like to avoid this.
• Idea of creating list of users which share same password also make no sense as I don't know who my user will be, so creating hundreds/thousands users would be an overkill.

So, is there a chance I can secure Orchard website to display the content only if the user know the password?

Any suggestions/thoughts?
TIA!

[hishamco]

You could implement your own authentication provider

[lampersky]

@13Groszy you could achieve cookie based access restriction this way, create a zone, a widget and the javascript rule.

So, the widget will be added to the zone, only when all rule conditions are met, in your case it is a simple check, if particular cookie exists.

Another idea is to use workflows, I've prepared an example for you. It isn't perfect, but I just wanted to give you a clue.

Recipe:
workflow.zip

First workflow is checking if cookie exists, if not it will return simple form to provide the password, otherwise it will redirect to content item. Second workflow is used as a target for the form.

[lampersky]

oh, I forgot, this small method were used inside workflow script: