Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Alexander Gräf 25 posts 131 karma points
    Jun 01, 2021 @ 08:29
    Alexander Gräf
    0

    Serving static content folder protected by backend user login

    Hi,

    I have a folder with static content, in this case HTMLs and images which comprise activity logs, which I want to give the customer access to.

    I'm really stuck on how I can utilize the UsersMembershipProvider to limit access to this folder. Using Members isn't really an option, as the site currently has no members, and the content isn't really meant for members anyway, but for admins who already have a backend login.

    Any pointers on how to achieve this?

    Thank you!

  • Søren Gregersen 441 posts 1883 karma points MVP 2x c-trib
    Jun 01, 2021 @ 09:28
    Søren Gregersen
    0

    Hi,

    It sounds like creating a custom section (https://our.umbraco.com/Documentation/Extending/Section-Trees/sections) where you could create a controller that could serve the files

    HTH :)

  • Alexander Gräf 25 posts 131 karma points
    Jun 01, 2021 @ 09:32
    Alexander Gräf
    0

    Not really trying to integrate it with the rest of the backend, though. Just a bunch of static HTML files that can be viewed directly in a browser.

  • Søren Gregersen 441 posts 1883 karma points MVP 2x c-trib
    Jun 01, 2021 @ 09:42
    Søren Gregersen
    0

    The loginform for the users would be umbraco.

    I would suggest adding a web.config file to the folder, enforce that static files (the html files) are served via asp.net and not the IIS directly:

    <system.webServer>
        <modules runAllManagedModulesForAllRequests="true" />
    </system.webServer>
    

    Then setup the auth to use umbraco as the login

    <authentication mode="Forms">
          <forms name="yourAuthCookie" loginUrl="/umbraco" protection="All" path="/" />
    </authentication>
    

    And change the default membership provider:

    <membership defaultProvider="UsersMembershipProvider" />
    

    I haven't tried the stuff above, but that would be the first attempt I would have at it :)

  • Alexander Gräf 25 posts 131 karma points
    Jun 01, 2021 @ 10:04
    Alexander Gräf
    0

    I tried that. It's necessary to set it at root level, because <authentication> and membership/providers can't be set below that level.

    But even with this line:

    <forms name="yourAuthCookie" loginUrl="/umbraco/#/login/false" protection="All" path="/" />
    

    it fails. First ASP.NET defaults to passing the return URL as ReturnUrl, while Umbraco uses returnPath. So after login, I'm not getting passed back to the protected folder.

    The default login form also doesn't use the "normal" authentication cookie. It seems it is passing user information in the UMB_UCONTEXT cookie.

    So even after login, the protected folder will just redirect back to the login form.

    Any ideas on this?

  • Søren Gregersen 441 posts 1883 karma points MVP 2x c-trib
    Jun 01, 2021 @ 10:09
    Søren Gregersen
    0

    Most of the reason for suggesting making a section :-)

  • Alexander Gräf 25 posts 131 karma points
    Jun 01, 2021 @ 10:15
    Alexander Gräf
    0

    Not really, they're still standalone HTMLs that do not integrate well with the rest of the backend GUI.

    The only other method I could think of would be to make a module that checks all requests for authentication. And then either redirects to the login form with the right returnPath parameter appended, or serves the files if a user was authenticated. Which feels a bit hack-ish.

Please Sign in or register to post replies

Write your reply to:

Draft