I have a requirement to restrict specific media items from been opened by non members.
I have already made a start by.
Creating a restricted folder within the media which I intend to pop all the restricted media.
I I've created a dynamic robots.txt to disallow search engines from indexing these types of documents.
I now need to figure out how to restrict access to these files unless a member is logged in. I'm guessing I need to somehow hijack the route to these files and add some authorisation checks somewhere in between. I am thinking it might actually be better to add a custom property on the media item to enable and disable restricted access.
Has anyone done anything like this before with Umbraco 7 and might have some code to share? I'm looking for any tips on the who route hijack and authorisation part.
Hi David.
I’ve done something like this before, using a custom HttpHandler that intercepted the media file request and validate. In my case I didn’t validate on a member group but instead I needed to validate against an external auth provider, but I guess the principal is the same.
Umbraco 7 | Authorization on Media Items | Restrict specific media to members only
Hi Guys,
I have a requirement to restrict specific media items from been opened by non members.
I have already made a start by.
Creating a restricted folder within the media which I intend to pop all the restricted media.
I I've created a dynamic robots.txt to disallow search engines from indexing these types of documents.
I now need to figure out how to restrict access to these files unless a member is logged in. I'm guessing I need to somehow hijack the route to these files and add some authorisation checks somewhere in between. I am thinking it might actually be better to add a custom property on the media item to enable and disable restricted access.
Has anyone done anything like this before with Umbraco 7 and might have some code to share? I'm looking for any tips on the who route hijack and authorisation part.
Thanks in advanced.
David
Hi David. I’ve done something like this before, using a custom HttpHandler that intercepted the media file request and validate. In my case I didn’t validate on a member group but instead I needed to validate against an external auth provider, but I guess the principal is the same.
Have a look at this blog post, it’s probably at least half of what you are looking for: https://codeshare.co.uk/blog/how-to-protect-media-items-in-umbraco/
Best of luck! Cheers
Hi Dennis,
Just want I am looking for. Thanks
is working on a reply...