Added a filter to ensure all requests to anything under /admin must be an authenticated request.

--HG--
extra : convert_revision : svn%3A5ff7c347-ad56-4c35-b696-ccb81de16e03/trunk%4044345

src/Orchard/Mvc/Filters/AdminFilter.cs

@@ -0,0 +1,14 @@
+using System.Web.Mvc;
+
+namespace Orchard.Mvc.Filters {
+    public class AdminFilter : FilterProvider, IActionFilter {
+        public void OnActionExecuting(ActionExecutingContext filterContext) {
+            //TODO: (erikpo) When Orchard needs to work from a virtual path, this check will need to be adjusted
+            if (filterContext.HttpContext.Request.RawUrl.StartsWith("/Admin") && !filterContext.HttpContext.Request.IsAuthenticated)
+                filterContext.Result = new HttpUnauthorizedResult();
+        }
+
+        public void OnActionExecuted(ActionExecutedContext filterContext) {
+        }
+    }
+}

src/Orchard/Orchard.csproj

@@ -125,6 +125,7 @@
     <Compile Include="Environment\IOrchardShellEvents.cs" />
     <Compile Include="Extensions\ExtensionDescriptor.cs" />
     <Compile Include="Extensions\ExtensionEntry.cs" />
+    <Compile Include="Mvc\Filters\AdminFilter.cs" />
     <Compile Include="Mvc\Html\FileRegistrationContext.cs" />
     <Compile Include="Themes\ExtensionManagerExtensions.cs" />
     <Compile Include="Extensions\Helpers\PathHelpers.cs" />