Restrict PDF access without login. #7858

huntethan89 created 4 years ago

Hi , i want to restrict the pdf access from URL without login. If the user has logged into website then only they can access the pdf file otherwise they will redirect to login page.

We tried using File protection handler in a Normal MVC application. it is working fine, but when we implement in ASP NET Zero it is not working. Sometimes it is not redirecting to File protection handler method. Can you give any workaround on this or provide any method method to restrict PDF access.

I am using the following code:-

Web Config - i have added following line in web config under handlers tag. <add name="PDF" path="*.pdf" verb="*" type="ProjectLearn.Web.FileProtectionHandler" resourceType="Unspecified" />

After that added File protection handler class in my project. There is processRequest method in this class as follows:

    public void ProcessRequest(HttpContext context)
     {
         
         switch (context.Request.HttpMethod)
         {
             case "GET":
                 {
                    
                     // Is the user logged-in?
                     if (!context.User.Identity.IsAuthenticated)
                     {
                        
                         context.Response.Redirect("~/Home/Index");
                         return;
                     }
                     string requestedFile = context.Server.MapPath("Temp/"+context.Request.FilePath);
                     // Verify the user has access to the User role.
                     if (context.User.IsInRole("User"))
                     {
                        
                         SendContentTypeAndFile(context, requestedFile);
                     }
                     else
                     {
                        
                         // Deny access, redirect to error page or back to login page.
                         context.Response.Redirect("~/Home/Index");
                     }
                     break;
                 }
         }
     }

Please let me know on this or any other method that we can use.

Thanks

4 Answer(s)

0

maliming created 4 years ago
Support Team

Zero uses Owin built in, and you can also use Owin middleware.

https://benfoster.io/blog/how-to-write-owin-middleware-in-5-different-steps

huntethan89 created 4 years ago

Hi,

I have checked this middleware. All links are showing related to ASP.NET core. But i am working in ASP.NET MVC. 

Thanks

0

maliming created 4 years ago
Support Team

hi smartlayer3 Maybe you can make your pdf file accessible through static url, but use a method to access the pdf in a unified way. The parameter of the method may be the pdf file name, and then you can verify the identity and permissions in this method.
0

ismcagdas created 4 years ago
Support Team

This issue is closed because it has not had recent activity for a long time.

Have an answer to this question? Log in and write your answer.