Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Jakob Dyrby 3 posts 33 karma points
    May 31, 2016 @ 12:11
    Jakob Dyrby
    0

    Requere umbraco user authentication for specific static resources

    I need to protect some static files in Umbraco so they are only available for Umbraco back office users. More precisely, I have a folder (file system) with PDF documents that should only be accesseble to authenticated umbraco users. Eg: "http://mysite.dk/Documents/somedoc.pdf. Does anybody have any ideas on how this can be done?

  • Bill Haggerty 43 posts 177 karma points
    May 31, 2016 @ 13:27
    Bill Haggerty
    0

    Hello Jakob, I think you should check out the project :

    https://github.com/Shazwazza/UmbracoIdentity

    Then, the next area you will have to sort out is the 'BackOfficeUserManager', and 'BackOfficeUserStore'.

    I don't have much experience with doing Authentication/Authorization for the back office users. What I have done is implement a custom Authentication for members( regular web users ). What worked best for me was to fork the UmbracoIdentity project, putting that project in my solution.

    Hope that helps !! -- Bill

  • Jakob Dyrby 3 posts 33 karma points
    May 31, 2016 @ 14:18
    Jakob Dyrby
    0

    Thangs! i will look into it - but i'm not sure it will help since as you wrote I need to handle back office users and not normal Members. For what i have gatherd till now i need to put my protected resourses under "~/umbraco/backoffice/" so somthing like "~/umbraco/backoffice/documents/mydocument.pdf" then it will be protected i think... But thangs anyway!

  • Bill Haggerty 43 posts 177 karma points
    May 31, 2016 @ 15:13
    Bill Haggerty
    100

    Jakob, Yes, after thinking about it a little more -- if you are ok with the standard back office user authentication/authorization setup, then making a custom BackOfficeManager/BackOfficeUserStore is not the best.

    What I was thinking is that you could end up using custom roles on the custom user. And then do tests at the controller level, checking for appropriate roles.

    I interpreted you question as wanting to secure that set of .pdf files from a subset of back office users. If you want to allow all back office users, just not front office ( members ); Then your latest post looks like the right path.

    Bill

Please Sign in or register to post replies

Write your reply to:

Draft