Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • athul 26 posts 117 karma points
    Oct 20, 2017 @ 04:48
    athul
    0

    Filter static content requests in Umbraco

    Hi, in my website, I need a setup where User A should not access the files which user B have access. I made a lot of google search and Identified that I can achieve this by adding a filter to all static content requests and checking inside that filter whether the current user could access the file he requested or not. So my question is how I can achieve this in Umbraco? Or is there any better way available to achieve what I am looking for?

  • Dan Diplo 1554 posts 6205 karma points MVP 6x c-trib
    Oct 20, 2017 @ 08:20
    Dan Diplo
    0

    If by users you mean front-end members then there is a commercial package available that will protect media (in Umbraco media section) - https://our.umbraco.org/projects/website-utilities/media-protect/

  • athul 26 posts 117 karma points
    Oct 20, 2017 @ 08:24
    athul
    0

    Yes, I meant from end users only, But I want the ability to decide whether the user should get access to a specific file or not programmatically. This package checks whether the user is logged in or not only before giving access. I want a setup like where member A can access specific files and member B won't be able to access same file.

  • Dan Diplo 1554 posts 6205 karma points MVP 6x c-trib
    Oct 20, 2017 @ 08:40
    Dan Diplo
    0

    Couldn't you achieve that via Groups? So you protect files with groups and then assign members to groups. That way you can control who can access what.

  • athul 26 posts 117 karma points
    Oct 20, 2017 @ 08:43
    athul
    0

    Nop, That won't work in my case, I am building a financial software where we expect around 10k members, no member should have access to other member's file. So if went group way I have to create 10k groups as each member is a standalone entity here.

  • athul 26 posts 117 karma points
    Oct 20, 2017 @ 08:46
    athul
    0

    I have been trying to achieve this by this method, But that is not working fine with my Umbraco environment. What astonishes me is that so far no one had a requirement like this with Umbraco? For me, this looks a common scenario where we don't want one of our customer to access another customer's files or better a Hacker should not be able to access entire files of all customers if he just had a login inside the system, Right?

  • Richard Soeteman 4046 posts 12899 karma points MVP 2x
    Oct 20, 2017 @ 09:36
    Richard Soeteman
    0

    You Can set permissions based on usergroups with MediaProtect. Sop you control who can see what.

    Hope this helps,

    Richard

  • athul 26 posts 117 karma points
    Oct 20, 2017 @ 09:39
    athul
    0

    I can't use usergroups as each member should have access to his files only, so 10k users mean 10k usergroups here. Is there any other way awailable?

  • Dan Diplo 1554 posts 6205 karma points MVP 6x c-trib
    Oct 20, 2017 @ 08:54
    Dan Diplo
    1

    If the files are sensitive then I probably wouldn't be storing them on the filestore at all. I'd store them directly in a database as encrypted binary blobs keyed to the member Id and then write a custom file picker. More work? Definitely. But Umbraco was never really designed as a secure document storage.

Please Sign in or register to post replies

Write your reply to:

Draft