Base solution for your next web application
Open Closed

Static File Authentication #10861

User avatar
0
KPCS created

Hi Team,

There is direct URL access issue in asp.net zero project, where user can access static files without authentication.

For example any one can access this URL: d6be4d82.demo.aspnetzero.com/assets/sampleFiles/ImportUsersSampleFile.xlsx

We want to authentication checks for this URL, guide us how we can achieve this.

Thanks,

Kind Regards, Kumar Prashant

Go to accepted answer
1 Answer(s)
  • User Avatar
    0
    ismcagdas created
    Support Team

    Hi,

    You can modify the StaticFile middleware as shown below;

    app.UseStaticFiles(new StaticFileOptions()
        {
            OnPrepareResponse = (context) =>
            {
                if (!context.Context.User.Identity.IsAuthenticated && context.Context.Request.Path.StartsWithSegments("/assets"))
                {
                    throw new Exception("Not authenticated");
                }
            }
        });

    Or you can even write a custom middle ware which must be placed before staticFiles middleware;

    app.Use(async (context, next) =>
               {
                   if (!context.User.Identity.IsAuthenticated
                       && context.Request.Path.StartsWithSegments("/assets"))
                   {
                       throw new Exception("Not authenticated");
                   }
                   await next.Invoke();
               });
Assignee
No one
Labels
Non yet