Filter static content requests in Umbraco
Hi, in my website, I need a setup where User A should not access the files which user B has access to. I did a lot of Google searching and identified that I can achieve this by adding a filter to all static content requests and checking inside that filter whether the current user can access the file he requested or not. So my question is how I can achieve this in Umbraco? Or is there any better way available to achieve what I am looking for?
If by users you mean front-end members then there is a commercial package available that will protect media (in Umbraco media section) - https://our.umbraco.org/projects/website-utilities/media-protect/
Yes, I meant front-end users only, but I want the ability to decide programmatically whether the user should get access to a specific file or not. This package only checks whether the user is logged in before giving access. I want a setup where member A can access specific files and member B won't be able to access the same files.
Couldn't you achieve that via Groups? So you protect files with groups and then assign members to groups. That way you can control who can access what.
Nope, that won't work in my case. I am building financial software where we expect around 10k members, and no member should have access to another member's files. So if I went the group way I would have to create 10k groups, as each member is a standalone entity here.
I have been trying to achieve this by this method, but that is not working well with my Umbraco environment. What astonishes me is that so far no one has had a requirement like this with Umbraco? For me, this looks like a common scenario where we don't want one of our customers to access another customer's files, or better, a hacker should not be able to access all the files of all customers if he just has a login inside the system, right?
You can set permissions based on usergroups with MediaProtect. So you control who can see what.
Hope this helps,
Richard
I can't use usergroups as each member should have access to his files only, so 10k users mean 10k usergroups here. Is there any other way available?
If the files are sensitive then I probably wouldn't be storing them on the filestore at all. I'd store them directly in a database as encrypted binary blobs keyed to the member Id and then write a custom file picker. More work? Definitely. But Umbraco was never really designed as a secure document storage.
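The per-member check this thread asks about, sketched as an added example that is not part of any post and is not Umbraco or MediaProtect code: a classic ASP.NET (System.Web) module that denies a media request unless the logged-in member owns the file. `IFileOwnerStore`, `MediaOwnerModule`, the `/media/` prefix and the use of the member's login name as the ownership key are assumptions made for illustration.

```csharp
using System;
using System.Web;

// Hypothetical lookup: back it with your own table mapping file path -> owning member.
public interface IFileOwnerStore
{
    // Returns the owning member's login name, or null if the path is unknown.
    string FindOwner(string virtualPath);
}

// Register under <system.webServer><modules> WITHOUT preCondition="managedHandler",
// otherwise IIS serves static files without ever running this module.
public sealed class MediaOwnerModule : IHttpModule
{
    // Assumption: protected files live under /media/.
    private const string ProtectedPrefix = "/media/";

    // Hypothetical hook: assign a real store at application start.
    public static IFileOwnerStore Store { get; set; }

    public void Init(HttpApplication app)
    {
        app.AuthorizeRequest += (sender, e) => Check(((HttpApplication)sender).Context);
    }

    // Deny by default: unknown file, anonymous caller, or a different member.
    public static bool IsAllowed(string owner, bool authenticated, string memberName)
    {
        return owner != null && authenticated &&
               string.Equals(owner, memberName, StringComparison.OrdinalIgnoreCase);
    }

    private static void Check(HttpContext ctx)
    {
        string path = ctx.Request.Path;
        if (!path.StartsWith(ProtectedPrefix, StringComparison.OrdinalIgnoreCase)) return;

        var user = ctx.User;
        bool authed = user != null && user.Identity.IsAuthenticated;
        string owner = Store == null ? null : Store.FindOwner(path);
        if (IsAllowed(owner, authed, authed ? user.Identity.Name : null)) return;

        // 404 rather than 403, so the response does not confirm another member's file exists.
        ctx.Response.StatusCode = 404;
        ctx.Response.SuppressContent = true;
        ctx.ApplicationInstance.CompleteRequest();
    }

    public void Dispose() { }
}
```

The same `IsAllowed` decision applies unchanged if the files are moved into a database as suggested in the last reply: the handler that streams the blob looks up the owner by member instead of by path.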