I need to protect some static files in Umbraco so they are only available for Umbraco back office users. More precisely, I have a folder (file system) with PDF documents that should only be accesseble to authenticated umbraco users. Eg: "http://mysite.dk/Documents/somedoc.pdf.
Does anybody have any ideas on how this can be done?
Then, the next area you will have to sort out is the 'BackOfficeUserManager', and 'BackOfficeUserStore'.
I don't have much experience with doing Authentication/Authorization for the back office users. What I have done is implement a custom Authentication for members( regular web users ). What worked best for me was to fork the UmbracoIdentity project, putting that project in my solution.
Thangs! i will look into it - but i'm not sure it will help since as you wrote I need to handle back office users and not normal Members. For what i have gatherd till now i need to put my protected resourses under "~/umbraco/backoffice/" so somthing like "~/umbraco/backoffice/documents/mydocument.pdf" then it will be protected i think... But thangs anyway!
Jakob,
Yes, after thinking about it a little more -- if you are ok with the standard back office user authentication/authorization setup, then making a custom BackOfficeManager/BackOfficeUserStore is not the best.
What I was thinking is that you could end up using custom roles on the custom user. And then do tests at the controller level, checking for appropriate roles.
I interpreted you question as wanting to secure that set of .pdf files from a subset of back office users. If you want to allow all back office users, just not front office ( members ); Then your latest post looks like the right path.
Requere umbraco user authentication for specific static resources
I need to protect some static files in Umbraco so they are only available for Umbraco back office users. More precisely, I have a folder (file system) with PDF documents that should only be accesseble to authenticated umbraco users. Eg: "http://mysite.dk/Documents/somedoc.pdf. Does anybody have any ideas on how this can be done?
Hello Jakob, I think you should check out the project :
https://github.com/Shazwazza/UmbracoIdentity
Then, the next area you will have to sort out is the 'BackOfficeUserManager', and 'BackOfficeUserStore'.
I don't have much experience with doing Authentication/Authorization for the back office users. What I have done is implement a custom Authentication for members( regular web users ). What worked best for me was to fork the UmbracoIdentity project, putting that project in my solution.
Hope that helps !! -- Bill
Thangs! i will look into it - but i'm not sure it will help since as you wrote I need to handle back office users and not normal Members. For what i have gatherd till now i need to put my protected resourses under "~/umbraco/backoffice/" so somthing like "~/umbraco/backoffice/documents/mydocument.pdf" then it will be protected i think... But thangs anyway!
Jakob, Yes, after thinking about it a little more -- if you are ok with the standard back office user authentication/authorization setup, then making a custom BackOfficeManager/BackOfficeUserStore is not the best.
What I was thinking is that you could end up using custom roles on the custom user. And then do tests at the controller level, checking for appropriate roles.
I interpreted you question as wanting to secure that set of .pdf files from a subset of back office users. If you want to allow all back office users, just not front office ( members ); Then your latest post looks like the right path.
Bill
is working on a reply...