Gutemberg Ribeiro


Apr 15 23:58    

@cmello I can't speak for Halo PS, but what I know is that Orleans is agnostic to authentication/authorization mechanisms

I once pointed that out here, but the initial/current design is that Orleans is not accessible from outside its network boundaries, which means that you must have a frontend server which talks to the Silos and is exposed to the internet

this server will deal with auth and forward requests to the grains

in my case (and many people here) I have 2 kinds of frontend servers

1 webAPI and 1 socket server

both are on a diff subnet exposed to the internet behind an Application Gateway/Loadbalancer and the silos are on a diff private subnet which receives connections only from the frontend one

those frontend servers apply some auth logic based on OAuth/OpenId and talk with the cluster thru OrleansClient; however, one of the questions here was to, at some point, document and create an open protocol for Orleans so we can have external clients connecting to it


Hey guys! Have you seen or implemented some application using actors that has authorization / access control? For example, user A can access Actor Resource1, user B cannot access Actor Resource1 but can access Actor Resource2. @sergeybykov please is there public information about the design of access control into the Halo presence service? Thank you very much!

In Halo and other similar cases access control is done at the frontend layer with an auth token passed down necessary call chains.