How can I save media to either a publicly accessible or protected location?
I have several v6 projects where I need to be able to differentiate between files in the media library that are publicly accessible and files that aren't.
Obviously, any files uploaded into Umbraco are by default publicly accessible just by using the URL path /media/xxxx/filename.ext but this is not appropriate for files that shouldn't be served to the public.
What I want to achieve is to be able to upload files so that they can be marked as protected or public, preferably using FormsAuthentication or in some cases using two separate Azure Blob Storage containers - one public, the other not.
For example, I want to be able to upload to one of two locations depending on the MediaType: /media/ and /protected-media/ or azureContainer1 and azureContainer2.
I have been looking at creating a FileSystemProvider but the AddFile() overloads only accept a parameter for the file stream and path - and no other information, e.g. what type of MediaType it is. So I can't perform any logic in the FileSystemProvider to decide where to save the file. My problem is that there is nowhere else in the stack where I can place this logic.
I could create a new file uploader data type but the datatype should be "dumb" and not really contain any logic about what it is saving. I could create a MediaService.Saving event, but I can't alter the location of where the file is saved from there.
I've created Media protect (http://soetemansoftware.nl/media-protect) to handle this scenario, also works on Azure. Not using BLOB storage tho. But maybe you can use it.
I have a similar situation and can get round it using role based permissions and having a specific web.config file in each restricted folder. The users have to be well trained/disciplined to only upload media to certain folder and it could be a bit unweildy if there were too many folders to protect.
I have done this with very generic bands of protection - member group 1 can access everything protected to level 1, member group 2 can access everything protected to level 2 and level 1 and so on. What worked for me was to create a custom upload control to upload the file to a temporary location, then an event handler that moved files out of context as part of the BeforeSave event then changed the file path to point at a surface controller with the filename. Finally I added a surface controller to check the user's permissions and only return the file from the out of context location if they are allowed to access it.
That way I got control of my own file paths, definitely have my files locked away and could manage my own security. For the type of site I am creating this is ideal, but in some cases it might be overkill and I am not suggesting it is the best way to do the job. It can be done, however, and it does work.
How can I save media to either a publicly accessible or protected location?
I have several v6 projects where I need to be able to differentiate between files in the media library that are publicly accessible and files that aren't.
Obviously, any files uploaded into Umbraco are by default publicly accessible just by using the URL path /media/xxxx/filename.ext but this is not appropriate for files that shouldn't be served to the public.
What I want to achieve is to be able to upload files so that they can be marked as protected or public, preferably using FormsAuthentication or in some cases using two separate Azure Blob Storage containers - one public, the other not.
For example, I want to be able to upload to one of two locations depending on the MediaType:
/media/
and/protected-media/
orazureContainer1
andazureContainer2
.I have been looking at creating a
FileSystemProvider
but theAddFile()
overloads only accept a parameter for the file stream and path - and no other information, e.g. what type ofMediaType
it is. So I can't perform any logic in the FileSystemProvider to decide where to save the file. My problem is that there is nowhere else in the stack where I can place this logic.I could create a new file uploader data type but the datatype should be "dumb" and not really contain any logic about what it is saving. I could create a
MediaService.Saving
event, but I can't alter the location of where the file is saved from there.Can anyone suggest how I might resolve this?
Thanks.
Hi,
I've created Media protect (http://soetemansoftware.nl/media-protect) to handle this scenario, also works on Azure. Not using BLOB storage tho. But maybe you can use it.
Cheers,
Richard
Hi Kieron - did you find a solution to this?
I have a similar situation and can get round it using role based permissions and having a specific web.config file in each restricted folder. The users have to be well trained/disciplined to only upload media to certain folder and it could be a bit unweildy if there were too many folders to protect.
I have done this with very generic bands of protection - member group 1 can access everything protected to level 1, member group 2 can access everything protected to level 2 and level 1 and so on. What worked for me was to create a custom upload control to upload the file to a temporary location, then an event handler that moved files out of context as part of the BeforeSave event then changed the file path to point at a surface controller with the filename. Finally I added a surface controller to check the user's permissions and only return the file from the out of context location if they are allowed to access it.
That way I got control of my own file paths, definitely have my files locked away and could manage my own security. For the type of site I am creating this is ideal, but in some cases it might be overkill and I am not suggesting it is the best way to do the job. It can be done, however, and it does work.
is working on a reply...